Loading...
1/*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12 SDIO support
13 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15 Some parts of the code in this file are derived from the ipw2200
16 driver Copyright(c) 2003 - 2004 Intel Corporation.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 2 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program; see the file COPYING. If not, write to
30 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31 Boston, MA 02110-1301, USA.
32
33*/
34
35#include <linux/delay.h>
36#include <linux/init.h>
37#include <linux/module.h>
38#include <linux/if_arp.h>
39#include <linux/etherdevice.h>
40#include <linux/firmware.h>
41#include <linux/workqueue.h>
42#include <linux/skbuff.h>
43#include <linux/io.h>
44#include <linux/dma-mapping.h>
45#include <linux/slab.h>
46#include <asm/unaligned.h>
47
48#include "b43.h"
49#include "main.h"
50#include "debugfs.h"
51#include "phy_common.h"
52#include "phy_g.h"
53#include "phy_n.h"
54#include "dma.h"
55#include "pio.h"
56#include "sysfs.h"
57#include "xmit.h"
58#include "lo.h"
59#include "sdio.h"
60#include <linux/mmc/sdio_func.h>
61
62MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63MODULE_AUTHOR("Martin Langer");
64MODULE_AUTHOR("Stefano Brivio");
65MODULE_AUTHOR("Michael Buesch");
66MODULE_AUTHOR("Gábor Stefanik");
67MODULE_AUTHOR("Rafał Miłecki");
68MODULE_LICENSE("GPL");
69
70MODULE_FIRMWARE("b43/ucode11.fw");
71MODULE_FIRMWARE("b43/ucode13.fw");
72MODULE_FIRMWARE("b43/ucode14.fw");
73MODULE_FIRMWARE("b43/ucode15.fw");
74MODULE_FIRMWARE("b43/ucode16_lp.fw");
75MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76MODULE_FIRMWARE("b43/ucode24_lcn.fw");
77MODULE_FIRMWARE("b43/ucode25_lcn.fw");
78MODULE_FIRMWARE("b43/ucode25_mimo.fw");
79MODULE_FIRMWARE("b43/ucode26_mimo.fw");
80MODULE_FIRMWARE("b43/ucode29_mimo.fw");
81MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
82MODULE_FIRMWARE("b43/ucode30_mimo.fw");
83MODULE_FIRMWARE("b43/ucode5.fw");
84MODULE_FIRMWARE("b43/ucode40.fw");
85MODULE_FIRMWARE("b43/ucode42.fw");
86MODULE_FIRMWARE("b43/ucode9.fw");
87
88static int modparam_bad_frames_preempt;
89module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
90MODULE_PARM_DESC(bad_frames_preempt,
91 "enable(1) / disable(0) Bad Frames Preemption");
92
93static char modparam_fwpostfix[16];
94module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
95MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
96
97static int modparam_hwpctl;
98module_param_named(hwpctl, modparam_hwpctl, int, 0444);
99MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
100
101static int modparam_nohwcrypt;
102module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
103MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
104
105static int modparam_hwtkip;
106module_param_named(hwtkip, modparam_hwtkip, int, 0444);
107MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
108
109static int modparam_qos = 1;
110module_param_named(qos, modparam_qos, int, 0444);
111MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
112
113static int modparam_btcoex = 1;
114module_param_named(btcoex, modparam_btcoex, int, 0444);
115MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
116
117int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
118module_param_named(verbose, b43_modparam_verbose, int, 0644);
119MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
120
121static int b43_modparam_pio = 0;
122module_param_named(pio, b43_modparam_pio, int, 0644);
123MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
124
125static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
126module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
127MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
128
129#ifdef CONFIG_B43_BCMA
130static const struct bcma_device_id b43_bcma_tbl[] = {
131 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
132 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
133 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
134 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
135 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
136 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
137 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
138 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
139 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
140 {},
141};
142MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
143#endif
144
145#ifdef CONFIG_B43_SSB
146static const struct ssb_device_id b43_ssb_tbl[] = {
147 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
148 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
149 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
150 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
151 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
152 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
153 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
154 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
155 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
156 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
157 {},
158};
159MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
160#endif
161
162/* Channel and ratetables are shared for all devices.
163 * They can't be const, because ieee80211 puts some precalculated
164 * data in there. This data is the same for all devices, so we don't
165 * get concurrency issues */
166#define RATETAB_ENT(_rateid, _flags) \
167 { \
168 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
169 .hw_value = (_rateid), \
170 .flags = (_flags), \
171 }
172
173/*
174 * NOTE: When changing this, sync with xmit.c's
175 * b43_plcp_get_bitrate_idx_* functions!
176 */
177static struct ieee80211_rate __b43_ratetable[] = {
178 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
179 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
180 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
181 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
182 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
183 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
184 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
185 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
186 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
187 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
188 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
189 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
190};
191
192#define b43_a_ratetable (__b43_ratetable + 4)
193#define b43_a_ratetable_size 8
194#define b43_b_ratetable (__b43_ratetable + 0)
195#define b43_b_ratetable_size 4
196#define b43_g_ratetable (__b43_ratetable + 0)
197#define b43_g_ratetable_size 12
198
199#define CHAN2G(_channel, _freq, _flags) { \
200 .band = NL80211_BAND_2GHZ, \
201 .center_freq = (_freq), \
202 .hw_value = (_channel), \
203 .flags = (_flags), \
204 .max_antenna_gain = 0, \
205 .max_power = 30, \
206}
207static struct ieee80211_channel b43_2ghz_chantable[] = {
208 CHAN2G(1, 2412, 0),
209 CHAN2G(2, 2417, 0),
210 CHAN2G(3, 2422, 0),
211 CHAN2G(4, 2427, 0),
212 CHAN2G(5, 2432, 0),
213 CHAN2G(6, 2437, 0),
214 CHAN2G(7, 2442, 0),
215 CHAN2G(8, 2447, 0),
216 CHAN2G(9, 2452, 0),
217 CHAN2G(10, 2457, 0),
218 CHAN2G(11, 2462, 0),
219 CHAN2G(12, 2467, 0),
220 CHAN2G(13, 2472, 0),
221 CHAN2G(14, 2484, 0),
222};
223
224/* No support for the last 3 channels (12, 13, 14) */
225#define b43_2ghz_chantable_limited_size 11
226#undef CHAN2G
227
228#define CHAN4G(_channel, _flags) { \
229 .band = NL80211_BAND_5GHZ, \
230 .center_freq = 4000 + (5 * (_channel)), \
231 .hw_value = (_channel), \
232 .flags = (_flags), \
233 .max_antenna_gain = 0, \
234 .max_power = 30, \
235}
236#define CHAN5G(_channel, _flags) { \
237 .band = NL80211_BAND_5GHZ, \
238 .center_freq = 5000 + (5 * (_channel)), \
239 .hw_value = (_channel), \
240 .flags = (_flags), \
241 .max_antenna_gain = 0, \
242 .max_power = 30, \
243}
244static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
245 CHAN4G(184, 0), CHAN4G(186, 0),
246 CHAN4G(188, 0), CHAN4G(190, 0),
247 CHAN4G(192, 0), CHAN4G(194, 0),
248 CHAN4G(196, 0), CHAN4G(198, 0),
249 CHAN4G(200, 0), CHAN4G(202, 0),
250 CHAN4G(204, 0), CHAN4G(206, 0),
251 CHAN4G(208, 0), CHAN4G(210, 0),
252 CHAN4G(212, 0), CHAN4G(214, 0),
253 CHAN4G(216, 0), CHAN4G(218, 0),
254 CHAN4G(220, 0), CHAN4G(222, 0),
255 CHAN4G(224, 0), CHAN4G(226, 0),
256 CHAN4G(228, 0),
257 CHAN5G(32, 0), CHAN5G(34, 0),
258 CHAN5G(36, 0), CHAN5G(38, 0),
259 CHAN5G(40, 0), CHAN5G(42, 0),
260 CHAN5G(44, 0), CHAN5G(46, 0),
261 CHAN5G(48, 0), CHAN5G(50, 0),
262 CHAN5G(52, 0), CHAN5G(54, 0),
263 CHAN5G(56, 0), CHAN5G(58, 0),
264 CHAN5G(60, 0), CHAN5G(62, 0),
265 CHAN5G(64, 0), CHAN5G(66, 0),
266 CHAN5G(68, 0), CHAN5G(70, 0),
267 CHAN5G(72, 0), CHAN5G(74, 0),
268 CHAN5G(76, 0), CHAN5G(78, 0),
269 CHAN5G(80, 0), CHAN5G(82, 0),
270 CHAN5G(84, 0), CHAN5G(86, 0),
271 CHAN5G(88, 0), CHAN5G(90, 0),
272 CHAN5G(92, 0), CHAN5G(94, 0),
273 CHAN5G(96, 0), CHAN5G(98, 0),
274 CHAN5G(100, 0), CHAN5G(102, 0),
275 CHAN5G(104, 0), CHAN5G(106, 0),
276 CHAN5G(108, 0), CHAN5G(110, 0),
277 CHAN5G(112, 0), CHAN5G(114, 0),
278 CHAN5G(116, 0), CHAN5G(118, 0),
279 CHAN5G(120, 0), CHAN5G(122, 0),
280 CHAN5G(124, 0), CHAN5G(126, 0),
281 CHAN5G(128, 0), CHAN5G(130, 0),
282 CHAN5G(132, 0), CHAN5G(134, 0),
283 CHAN5G(136, 0), CHAN5G(138, 0),
284 CHAN5G(140, 0), CHAN5G(142, 0),
285 CHAN5G(144, 0), CHAN5G(145, 0),
286 CHAN5G(146, 0), CHAN5G(147, 0),
287 CHAN5G(148, 0), CHAN5G(149, 0),
288 CHAN5G(150, 0), CHAN5G(151, 0),
289 CHAN5G(152, 0), CHAN5G(153, 0),
290 CHAN5G(154, 0), CHAN5G(155, 0),
291 CHAN5G(156, 0), CHAN5G(157, 0),
292 CHAN5G(158, 0), CHAN5G(159, 0),
293 CHAN5G(160, 0), CHAN5G(161, 0),
294 CHAN5G(162, 0), CHAN5G(163, 0),
295 CHAN5G(164, 0), CHAN5G(165, 0),
296 CHAN5G(166, 0), CHAN5G(168, 0),
297 CHAN5G(170, 0), CHAN5G(172, 0),
298 CHAN5G(174, 0), CHAN5G(176, 0),
299 CHAN5G(178, 0), CHAN5G(180, 0),
300 CHAN5G(182, 0),
301};
302
303static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
304 CHAN5G(36, 0), CHAN5G(40, 0),
305 CHAN5G(44, 0), CHAN5G(48, 0),
306 CHAN5G(149, 0), CHAN5G(153, 0),
307 CHAN5G(157, 0), CHAN5G(161, 0),
308 CHAN5G(165, 0),
309};
310
311static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
312 CHAN5G(34, 0), CHAN5G(36, 0),
313 CHAN5G(38, 0), CHAN5G(40, 0),
314 CHAN5G(42, 0), CHAN5G(44, 0),
315 CHAN5G(46, 0), CHAN5G(48, 0),
316 CHAN5G(52, 0), CHAN5G(56, 0),
317 CHAN5G(60, 0), CHAN5G(64, 0),
318 CHAN5G(100, 0), CHAN5G(104, 0),
319 CHAN5G(108, 0), CHAN5G(112, 0),
320 CHAN5G(116, 0), CHAN5G(120, 0),
321 CHAN5G(124, 0), CHAN5G(128, 0),
322 CHAN5G(132, 0), CHAN5G(136, 0),
323 CHAN5G(140, 0), CHAN5G(149, 0),
324 CHAN5G(153, 0), CHAN5G(157, 0),
325 CHAN5G(161, 0), CHAN5G(165, 0),
326 CHAN5G(184, 0), CHAN5G(188, 0),
327 CHAN5G(192, 0), CHAN5G(196, 0),
328 CHAN5G(200, 0), CHAN5G(204, 0),
329 CHAN5G(208, 0), CHAN5G(212, 0),
330 CHAN5G(216, 0),
331};
332#undef CHAN4G
333#undef CHAN5G
334
335static struct ieee80211_supported_band b43_band_5GHz_nphy = {
336 .band = NL80211_BAND_5GHZ,
337 .channels = b43_5ghz_nphy_chantable,
338 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
339 .bitrates = b43_a_ratetable,
340 .n_bitrates = b43_a_ratetable_size,
341};
342
343static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
344 .band = NL80211_BAND_5GHZ,
345 .channels = b43_5ghz_nphy_chantable_limited,
346 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
347 .bitrates = b43_a_ratetable,
348 .n_bitrates = b43_a_ratetable_size,
349};
350
351static struct ieee80211_supported_band b43_band_5GHz_aphy = {
352 .band = NL80211_BAND_5GHZ,
353 .channels = b43_5ghz_aphy_chantable,
354 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
355 .bitrates = b43_a_ratetable,
356 .n_bitrates = b43_a_ratetable_size,
357};
358
359static struct ieee80211_supported_band b43_band_2GHz = {
360 .band = NL80211_BAND_2GHZ,
361 .channels = b43_2ghz_chantable,
362 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
363 .bitrates = b43_g_ratetable,
364 .n_bitrates = b43_g_ratetable_size,
365};
366
367static struct ieee80211_supported_band b43_band_2ghz_limited = {
368 .band = NL80211_BAND_2GHZ,
369 .channels = b43_2ghz_chantable,
370 .n_channels = b43_2ghz_chantable_limited_size,
371 .bitrates = b43_g_ratetable,
372 .n_bitrates = b43_g_ratetable_size,
373};
374
375static void b43_wireless_core_exit(struct b43_wldev *dev);
376static int b43_wireless_core_init(struct b43_wldev *dev);
377static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
378static int b43_wireless_core_start(struct b43_wldev *dev);
379static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
380 struct ieee80211_vif *vif,
381 struct ieee80211_bss_conf *conf,
382 u32 changed);
383
384static int b43_ratelimit(struct b43_wl *wl)
385{
386 if (!wl || !wl->current_dev)
387 return 1;
388 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
389 return 1;
390 /* We are up and running.
391 * Ratelimit the messages to avoid DoS over the net. */
392 return net_ratelimit();
393}
394
395void b43info(struct b43_wl *wl, const char *fmt, ...)
396{
397 struct va_format vaf;
398 va_list args;
399
400 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
401 return;
402 if (!b43_ratelimit(wl))
403 return;
404
405 va_start(args, fmt);
406
407 vaf.fmt = fmt;
408 vaf.va = &args;
409
410 printk(KERN_INFO "b43-%s: %pV",
411 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
412
413 va_end(args);
414}
415
416void b43err(struct b43_wl *wl, const char *fmt, ...)
417{
418 struct va_format vaf;
419 va_list args;
420
421 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
422 return;
423 if (!b43_ratelimit(wl))
424 return;
425
426 va_start(args, fmt);
427
428 vaf.fmt = fmt;
429 vaf.va = &args;
430
431 printk(KERN_ERR "b43-%s ERROR: %pV",
432 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
433
434 va_end(args);
435}
436
437void b43warn(struct b43_wl *wl, const char *fmt, ...)
438{
439 struct va_format vaf;
440 va_list args;
441
442 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
443 return;
444 if (!b43_ratelimit(wl))
445 return;
446
447 va_start(args, fmt);
448
449 vaf.fmt = fmt;
450 vaf.va = &args;
451
452 printk(KERN_WARNING "b43-%s warning: %pV",
453 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
454
455 va_end(args);
456}
457
458void b43dbg(struct b43_wl *wl, const char *fmt, ...)
459{
460 struct va_format vaf;
461 va_list args;
462
463 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
464 return;
465
466 va_start(args, fmt);
467
468 vaf.fmt = fmt;
469 vaf.va = &args;
470
471 printk(KERN_DEBUG "b43-%s debug: %pV",
472 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
473
474 va_end(args);
475}
476
477static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
478{
479 u32 macctl;
480
481 B43_WARN_ON(offset % 4 != 0);
482
483 macctl = b43_read32(dev, B43_MMIO_MACCTL);
484 if (macctl & B43_MACCTL_BE)
485 val = swab32(val);
486
487 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
488 mmiowb();
489 b43_write32(dev, B43_MMIO_RAM_DATA, val);
490}
491
492static inline void b43_shm_control_word(struct b43_wldev *dev,
493 u16 routing, u16 offset)
494{
495 u32 control;
496
497 /* "offset" is the WORD offset. */
498 control = routing;
499 control <<= 16;
500 control |= offset;
501 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
502}
503
504u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
505{
506 u32 ret;
507
508 if (routing == B43_SHM_SHARED) {
509 B43_WARN_ON(offset & 0x0001);
510 if (offset & 0x0003) {
511 /* Unaligned access */
512 b43_shm_control_word(dev, routing, offset >> 2);
513 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
514 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
515 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
516
517 goto out;
518 }
519 offset >>= 2;
520 }
521 b43_shm_control_word(dev, routing, offset);
522 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
523out:
524 return ret;
525}
526
527u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
528{
529 u16 ret;
530
531 if (routing == B43_SHM_SHARED) {
532 B43_WARN_ON(offset & 0x0001);
533 if (offset & 0x0003) {
534 /* Unaligned access */
535 b43_shm_control_word(dev, routing, offset >> 2);
536 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
537
538 goto out;
539 }
540 offset >>= 2;
541 }
542 b43_shm_control_word(dev, routing, offset);
543 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
544out:
545 return ret;
546}
547
548void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
549{
550 if (routing == B43_SHM_SHARED) {
551 B43_WARN_ON(offset & 0x0001);
552 if (offset & 0x0003) {
553 /* Unaligned access */
554 b43_shm_control_word(dev, routing, offset >> 2);
555 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
556 value & 0xFFFF);
557 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
558 b43_write16(dev, B43_MMIO_SHM_DATA,
559 (value >> 16) & 0xFFFF);
560 return;
561 }
562 offset >>= 2;
563 }
564 b43_shm_control_word(dev, routing, offset);
565 b43_write32(dev, B43_MMIO_SHM_DATA, value);
566}
567
568void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
569{
570 if (routing == B43_SHM_SHARED) {
571 B43_WARN_ON(offset & 0x0001);
572 if (offset & 0x0003) {
573 /* Unaligned access */
574 b43_shm_control_word(dev, routing, offset >> 2);
575 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
576 return;
577 }
578 offset >>= 2;
579 }
580 b43_shm_control_word(dev, routing, offset);
581 b43_write16(dev, B43_MMIO_SHM_DATA, value);
582}
583
584/* Read HostFlags */
585u64 b43_hf_read(struct b43_wldev *dev)
586{
587 u64 ret;
588
589 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
590 ret <<= 16;
591 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
592 ret <<= 16;
593 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
594
595 return ret;
596}
597
598/* Write HostFlags */
599void b43_hf_write(struct b43_wldev *dev, u64 value)
600{
601 u16 lo, mi, hi;
602
603 lo = (value & 0x00000000FFFFULL);
604 mi = (value & 0x0000FFFF0000ULL) >> 16;
605 hi = (value & 0xFFFF00000000ULL) >> 32;
606 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
607 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
608 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
609}
610
611/* Read the firmware capabilities bitmask (Opensource firmware only) */
612static u16 b43_fwcapa_read(struct b43_wldev *dev)
613{
614 B43_WARN_ON(!dev->fw.opensource);
615 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
616}
617
618void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
619{
620 u32 low, high;
621
622 B43_WARN_ON(dev->dev->core_rev < 3);
623
624 /* The hardware guarantees us an atomic read, if we
625 * read the low register first. */
626 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
627 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
628
629 *tsf = high;
630 *tsf <<= 32;
631 *tsf |= low;
632}
633
634static void b43_time_lock(struct b43_wldev *dev)
635{
636 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
637 /* Commit the write */
638 b43_read32(dev, B43_MMIO_MACCTL);
639}
640
641static void b43_time_unlock(struct b43_wldev *dev)
642{
643 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
644 /* Commit the write */
645 b43_read32(dev, B43_MMIO_MACCTL);
646}
647
648static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
649{
650 u32 low, high;
651
652 B43_WARN_ON(dev->dev->core_rev < 3);
653
654 low = tsf;
655 high = (tsf >> 32);
656 /* The hardware guarantees us an atomic write, if we
657 * write the low register first. */
658 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
659 mmiowb();
660 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
661 mmiowb();
662}
663
664void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
665{
666 b43_time_lock(dev);
667 b43_tsf_write_locked(dev, tsf);
668 b43_time_unlock(dev);
669}
670
671static
672void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
673{
674 static const u8 zero_addr[ETH_ALEN] = { 0 };
675 u16 data;
676
677 if (!mac)
678 mac = zero_addr;
679
680 offset |= 0x0020;
681 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
682
683 data = mac[0];
684 data |= mac[1] << 8;
685 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
686 data = mac[2];
687 data |= mac[3] << 8;
688 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
689 data = mac[4];
690 data |= mac[5] << 8;
691 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
692}
693
694static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
695{
696 const u8 *mac;
697 const u8 *bssid;
698 u8 mac_bssid[ETH_ALEN * 2];
699 int i;
700 u32 tmp;
701
702 bssid = dev->wl->bssid;
703 mac = dev->wl->mac_addr;
704
705 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
706
707 memcpy(mac_bssid, mac, ETH_ALEN);
708 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
709
710 /* Write our MAC address and BSSID to template ram */
711 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
712 tmp = (u32) (mac_bssid[i + 0]);
713 tmp |= (u32) (mac_bssid[i + 1]) << 8;
714 tmp |= (u32) (mac_bssid[i + 2]) << 16;
715 tmp |= (u32) (mac_bssid[i + 3]) << 24;
716 b43_ram_write(dev, 0x20 + i, tmp);
717 }
718}
719
720static void b43_upload_card_macaddress(struct b43_wldev *dev)
721{
722 b43_write_mac_bssid_templates(dev);
723 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
724}
725
726static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
727{
728 /* slot_time is in usec. */
729 /* This test used to exit for all but a G PHY. */
730 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
731 return;
732 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
733 /* Shared memory location 0x0010 is the slot time and should be
734 * set to slot_time; however, this register is initially 0 and changing
735 * the value adversely affects the transmit rate for BCM4311
736 * devices. Until this behavior is unterstood, delete this step
737 *
738 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
739 */
740}
741
742static void b43_short_slot_timing_enable(struct b43_wldev *dev)
743{
744 b43_set_slot_time(dev, 9);
745}
746
747static void b43_short_slot_timing_disable(struct b43_wldev *dev)
748{
749 b43_set_slot_time(dev, 20);
750}
751
752/* DummyTransmission function, as documented on
753 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
754 */
755void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
756{
757 struct b43_phy *phy = &dev->phy;
758 unsigned int i, max_loop;
759 u16 value;
760 u32 buffer[5] = {
761 0x00000000,
762 0x00D40000,
763 0x00000000,
764 0x01000000,
765 0x00000000,
766 };
767
768 if (ofdm) {
769 max_loop = 0x1E;
770 buffer[0] = 0x000201CC;
771 } else {
772 max_loop = 0xFA;
773 buffer[0] = 0x000B846E;
774 }
775
776 for (i = 0; i < 5; i++)
777 b43_ram_write(dev, i * 4, buffer[i]);
778
779 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
780
781 if (dev->dev->core_rev < 11)
782 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
783 else
784 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
785
786 value = (ofdm ? 0x41 : 0x40);
787 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
788 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
789 phy->type == B43_PHYTYPE_LCN)
790 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
791
792 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
793 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
794
795 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
796 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
797 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
798 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
799
800 if (!pa_on && phy->type == B43_PHYTYPE_N)
801 ; /*b43_nphy_pa_override(dev, false) */
802
803 switch (phy->type) {
804 case B43_PHYTYPE_N:
805 case B43_PHYTYPE_LCN:
806 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
807 break;
808 case B43_PHYTYPE_LP:
809 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
810 break;
811 default:
812 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
813 }
814 b43_read16(dev, B43_MMIO_TXE0_AUX);
815
816 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
817 b43_radio_write16(dev, 0x0051, 0x0017);
818 for (i = 0x00; i < max_loop; i++) {
819 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
820 if (value & 0x0080)
821 break;
822 udelay(10);
823 }
824 for (i = 0x00; i < 0x0A; i++) {
825 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
826 if (value & 0x0400)
827 break;
828 udelay(10);
829 }
830 for (i = 0x00; i < 0x19; i++) {
831 value = b43_read16(dev, B43_MMIO_IFSSTAT);
832 if (!(value & 0x0100))
833 break;
834 udelay(10);
835 }
836 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
837 b43_radio_write16(dev, 0x0051, 0x0037);
838}
839
840static void key_write(struct b43_wldev *dev,
841 u8 index, u8 algorithm, const u8 *key)
842{
843 unsigned int i;
844 u32 offset;
845 u16 value;
846 u16 kidx;
847
848 /* Key index/algo block */
849 kidx = b43_kidx_to_fw(dev, index);
850 value = ((kidx << 4) | algorithm);
851 b43_shm_write16(dev, B43_SHM_SHARED,
852 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
853
854 /* Write the key to the Key Table Pointer offset */
855 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
856 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
857 value = key[i];
858 value |= (u16) (key[i + 1]) << 8;
859 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
860 }
861}
862
863static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
864{
865 u32 addrtmp[2] = { 0, 0, };
866 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
867
868 if (b43_new_kidx_api(dev))
869 pairwise_keys_start = B43_NR_GROUP_KEYS;
870
871 B43_WARN_ON(index < pairwise_keys_start);
872 /* We have four default TX keys and possibly four default RX keys.
873 * Physical mac 0 is mapped to physical key 4 or 8, depending
874 * on the firmware version.
875 * So we must adjust the index here.
876 */
877 index -= pairwise_keys_start;
878 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
879
880 if (addr) {
881 addrtmp[0] = addr[0];
882 addrtmp[0] |= ((u32) (addr[1]) << 8);
883 addrtmp[0] |= ((u32) (addr[2]) << 16);
884 addrtmp[0] |= ((u32) (addr[3]) << 24);
885 addrtmp[1] = addr[4];
886 addrtmp[1] |= ((u32) (addr[5]) << 8);
887 }
888
889 /* Receive match transmitter address (RCMTA) mechanism */
890 b43_shm_write32(dev, B43_SHM_RCMTA,
891 (index * 2) + 0, addrtmp[0]);
892 b43_shm_write16(dev, B43_SHM_RCMTA,
893 (index * 2) + 1, addrtmp[1]);
894}
895
896/* The ucode will use phase1 key with TEK key to decrypt rx packets.
897 * When a packet is received, the iv32 is checked.
898 * - if it doesn't the packet is returned without modification (and software
899 * decryption can be done). That's what happen when iv16 wrap.
900 * - if it does, the rc4 key is computed, and decryption is tried.
901 * Either it will success and B43_RX_MAC_DEC is returned,
902 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
903 * and the packet is not usable (it got modified by the ucode).
904 * So in order to never have B43_RX_MAC_DECERR, we should provide
905 * a iv32 and phase1key that match. Because we drop packets in case of
906 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
907 * packets will be lost without higher layer knowing (ie no resync possible
908 * until next wrap).
909 *
910 * NOTE : this should support 50 key like RCMTA because
911 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
912 */
913static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
914 u16 *phase1key)
915{
916 unsigned int i;
917 u32 offset;
918 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
919
920 if (!modparam_hwtkip)
921 return;
922
923 if (b43_new_kidx_api(dev))
924 pairwise_keys_start = B43_NR_GROUP_KEYS;
925
926 B43_WARN_ON(index < pairwise_keys_start);
927 /* We have four default TX keys and possibly four default RX keys.
928 * Physical mac 0 is mapped to physical key 4 or 8, depending
929 * on the firmware version.
930 * So we must adjust the index here.
931 */
932 index -= pairwise_keys_start;
933 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
934
935 if (b43_debug(dev, B43_DBG_KEYS)) {
936 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
937 index, iv32);
938 }
939 /* Write the key to the RX tkip shared mem */
940 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
941 for (i = 0; i < 10; i += 2) {
942 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
943 phase1key ? phase1key[i / 2] : 0);
944 }
945 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
946 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
947}
948
949static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
950 struct ieee80211_vif *vif,
951 struct ieee80211_key_conf *keyconf,
952 struct ieee80211_sta *sta,
953 u32 iv32, u16 *phase1key)
954{
955 struct b43_wl *wl = hw_to_b43_wl(hw);
956 struct b43_wldev *dev;
957 int index = keyconf->hw_key_idx;
958
959 if (B43_WARN_ON(!modparam_hwtkip))
960 return;
961
962 /* This is only called from the RX path through mac80211, where
963 * our mutex is already locked. */
964 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
965 dev = wl->current_dev;
966 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
967
968 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
969
970 rx_tkip_phase1_write(dev, index, iv32, phase1key);
971 /* only pairwise TKIP keys are supported right now */
972 if (WARN_ON(!sta))
973 return;
974 keymac_write(dev, index, sta->addr);
975}
976
977static void do_key_write(struct b43_wldev *dev,
978 u8 index, u8 algorithm,
979 const u8 *key, size_t key_len, const u8 *mac_addr)
980{
981 u8 buf[B43_SEC_KEYSIZE] = { 0, };
982 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
983
984 if (b43_new_kidx_api(dev))
985 pairwise_keys_start = B43_NR_GROUP_KEYS;
986
987 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
988 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
989
990 if (index >= pairwise_keys_start)
991 keymac_write(dev, index, NULL); /* First zero out mac. */
992 if (algorithm == B43_SEC_ALGO_TKIP) {
993 /*
994 * We should provide an initial iv32, phase1key pair.
995 * We could start with iv32=0 and compute the corresponding
996 * phase1key, but this means calling ieee80211_get_tkip_key
997 * with a fake skb (or export other tkip function).
998 * Because we are lazy we hope iv32 won't start with
999 * 0xffffffff and let's b43_op_update_tkip_key provide a
1000 * correct pair.
1001 */
1002 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
1003 } else if (index >= pairwise_keys_start) /* clear it */
1004 rx_tkip_phase1_write(dev, index, 0, NULL);
1005 if (key)
1006 memcpy(buf, key, key_len);
1007 key_write(dev, index, algorithm, buf);
1008 if (index >= pairwise_keys_start)
1009 keymac_write(dev, index, mac_addr);
1010
1011 dev->key[index].algorithm = algorithm;
1012}
1013
1014static int b43_key_write(struct b43_wldev *dev,
1015 int index, u8 algorithm,
1016 const u8 *key, size_t key_len,
1017 const u8 *mac_addr,
1018 struct ieee80211_key_conf *keyconf)
1019{
1020 int i;
1021 int pairwise_keys_start;
1022
1023 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1024 * - Temporal Encryption Key (128 bits)
1025 * - Temporal Authenticator Tx MIC Key (64 bits)
1026 * - Temporal Authenticator Rx MIC Key (64 bits)
1027 *
1028 * Hardware only store TEK
1029 */
1030 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1031 key_len = 16;
1032 if (key_len > B43_SEC_KEYSIZE)
1033 return -EINVAL;
1034 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1035 /* Check that we don't already have this key. */
1036 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1037 }
1038 if (index < 0) {
1039 /* Pairwise key. Get an empty slot for the key. */
1040 if (b43_new_kidx_api(dev))
1041 pairwise_keys_start = B43_NR_GROUP_KEYS;
1042 else
1043 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1044 for (i = pairwise_keys_start;
1045 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1046 i++) {
1047 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1048 if (!dev->key[i].keyconf) {
1049 /* found empty */
1050 index = i;
1051 break;
1052 }
1053 }
1054 if (index < 0) {
1055 b43warn(dev->wl, "Out of hardware key memory\n");
1056 return -ENOSPC;
1057 }
1058 } else
1059 B43_WARN_ON(index > 3);
1060
1061 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1062 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1063 /* Default RX key */
1064 B43_WARN_ON(mac_addr);
1065 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1066 }
1067 keyconf->hw_key_idx = index;
1068 dev->key[index].keyconf = keyconf;
1069
1070 return 0;
1071}
1072
1073static int b43_key_clear(struct b43_wldev *dev, int index)
1074{
1075 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1076 return -EINVAL;
1077 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1078 NULL, B43_SEC_KEYSIZE, NULL);
1079 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1080 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1081 NULL, B43_SEC_KEYSIZE, NULL);
1082 }
1083 dev->key[index].keyconf = NULL;
1084
1085 return 0;
1086}
1087
1088static void b43_clear_keys(struct b43_wldev *dev)
1089{
1090 int i, count;
1091
1092 if (b43_new_kidx_api(dev))
1093 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1094 else
1095 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1096 for (i = 0; i < count; i++)
1097 b43_key_clear(dev, i);
1098}
1099
1100static void b43_dump_keymemory(struct b43_wldev *dev)
1101{
1102 unsigned int i, index, count, offset, pairwise_keys_start;
1103 u8 mac[ETH_ALEN];
1104 u16 algo;
1105 u32 rcmta0;
1106 u16 rcmta1;
1107 u64 hf;
1108 struct b43_key *key;
1109
1110 if (!b43_debug(dev, B43_DBG_KEYS))
1111 return;
1112
1113 hf = b43_hf_read(dev);
1114 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1115 !!(hf & B43_HF_USEDEFKEYS));
1116 if (b43_new_kidx_api(dev)) {
1117 pairwise_keys_start = B43_NR_GROUP_KEYS;
1118 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1119 } else {
1120 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1121 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1122 }
1123 for (index = 0; index < count; index++) {
1124 key = &(dev->key[index]);
1125 printk(KERN_DEBUG "Key slot %02u: %s",
1126 index, (key->keyconf == NULL) ? " " : "*");
1127 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1128 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1129 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1130 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1131 }
1132
1133 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1134 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1135 printk(" Algo: %04X/%02X", algo, key->algorithm);
1136
1137 if (index >= pairwise_keys_start) {
1138 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1139 printk(" TKIP: ");
1140 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1141 for (i = 0; i < 14; i += 2) {
1142 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1143 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1144 }
1145 }
1146 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1147 ((index - pairwise_keys_start) * 2) + 0);
1148 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1149 ((index - pairwise_keys_start) * 2) + 1);
1150 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1151 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1152 printk(" MAC: %pM", mac);
1153 } else
1154 printk(" DEFAULT KEY");
1155 printk("\n");
1156 }
1157}
1158
1159void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1160{
1161 u32 macctl;
1162 u16 ucstat;
1163 bool hwps;
1164 bool awake;
1165 int i;
1166
1167 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1168 (ps_flags & B43_PS_DISABLED));
1169 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1170
1171 if (ps_flags & B43_PS_ENABLED) {
1172 hwps = true;
1173 } else if (ps_flags & B43_PS_DISABLED) {
1174 hwps = false;
1175 } else {
1176 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1177 // and thus is not an AP and we are associated, set bit 25
1178 }
1179 if (ps_flags & B43_PS_AWAKE) {
1180 awake = true;
1181 } else if (ps_flags & B43_PS_ASLEEP) {
1182 awake = false;
1183 } else {
1184 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1185 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1186 // successful, set bit26
1187 }
1188
1189/* FIXME: For now we force awake-on and hwps-off */
1190 hwps = false;
1191 awake = true;
1192
1193 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1194 if (hwps)
1195 macctl |= B43_MACCTL_HWPS;
1196 else
1197 macctl &= ~B43_MACCTL_HWPS;
1198 if (awake)
1199 macctl |= B43_MACCTL_AWAKE;
1200 else
1201 macctl &= ~B43_MACCTL_AWAKE;
1202 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1203 /* Commit write */
1204 b43_read32(dev, B43_MMIO_MACCTL);
1205 if (awake && dev->dev->core_rev >= 5) {
1206 /* Wait for the microcode to wake up. */
1207 for (i = 0; i < 100; i++) {
1208 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1209 B43_SHM_SH_UCODESTAT);
1210 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1211 break;
1212 udelay(10);
1213 }
1214 }
1215}
1216
1217/* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1218void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1219{
1220 struct bcma_drv_cc *bcma_cc __maybe_unused;
1221 struct ssb_chipcommon *ssb_cc __maybe_unused;
1222
1223 switch (dev->dev->bus_type) {
1224#ifdef CONFIG_B43_BCMA
1225 case B43_BUS_BCMA:
1226 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1227
1228 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1229 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1230 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1231 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1232 break;
1233#endif
1234#ifdef CONFIG_B43_SSB
1235 case B43_BUS_SSB:
1236 ssb_cc = &dev->dev->sdev->bus->chipco;
1237
1238 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1239 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1240 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1241 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1242 break;
1243#endif
1244 }
1245}
1246
1247#ifdef CONFIG_B43_BCMA
1248static void b43_bcma_phy_reset(struct b43_wldev *dev)
1249{
1250 u32 flags;
1251
1252 /* Put PHY into reset */
1253 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1254 flags |= B43_BCMA_IOCTL_PHY_RESET;
1255 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1256 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1257 udelay(2);
1258
1259 b43_phy_take_out_of_reset(dev);
1260}
1261
1262static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1263{
1264 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1265 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1266 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1267 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1268 u32 flags;
1269
1270 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1271 if (gmode)
1272 flags |= B43_BCMA_IOCTL_GMODE;
1273 b43_device_enable(dev, flags);
1274
1275 if (dev->phy.type == B43_PHYTYPE_AC) {
1276 u16 tmp;
1277
1278 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1279 tmp &= ~B43_BCMA_IOCTL_DAC;
1280 tmp |= 0x100;
1281 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1282
1283 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1284 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1285 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1286
1287 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1288 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1289 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1290 }
1291
1292 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1293 b43_bcma_phy_reset(dev);
1294 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1295}
1296#endif
1297
1298#ifdef CONFIG_B43_SSB
1299static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1300{
1301 u32 flags = 0;
1302
1303 if (gmode)
1304 flags |= B43_TMSLOW_GMODE;
1305 flags |= B43_TMSLOW_PHYCLKEN;
1306 flags |= B43_TMSLOW_PHYRESET;
1307 if (dev->phy.type == B43_PHYTYPE_N)
1308 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1309 b43_device_enable(dev, flags);
1310 msleep(2); /* Wait for the PLL to turn on. */
1311
1312 b43_phy_take_out_of_reset(dev);
1313}
1314#endif
1315
1316void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1317{
1318 u32 macctl;
1319
1320 switch (dev->dev->bus_type) {
1321#ifdef CONFIG_B43_BCMA
1322 case B43_BUS_BCMA:
1323 b43_bcma_wireless_core_reset(dev, gmode);
1324 break;
1325#endif
1326#ifdef CONFIG_B43_SSB
1327 case B43_BUS_SSB:
1328 b43_ssb_wireless_core_reset(dev, gmode);
1329 break;
1330#endif
1331 }
1332
1333 /* Turn Analog ON, but only if we already know the PHY-type.
1334 * This protects against very early setup where we don't know the
1335 * PHY-type, yet. wireless_core_reset will be called once again later,
1336 * when we know the PHY-type. */
1337 if (dev->phy.ops)
1338 dev->phy.ops->switch_analog(dev, 1);
1339
1340 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1341 macctl &= ~B43_MACCTL_GMODE;
1342 if (gmode)
1343 macctl |= B43_MACCTL_GMODE;
1344 macctl |= B43_MACCTL_IHR_ENABLED;
1345 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1346}
1347
1348static void handle_irq_transmit_status(struct b43_wldev *dev)
1349{
1350 u32 v0, v1;
1351 u16 tmp;
1352 struct b43_txstatus stat;
1353
1354 while (1) {
1355 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1356 if (!(v0 & 0x00000001))
1357 break;
1358 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1359
1360 stat.cookie = (v0 >> 16);
1361 stat.seq = (v1 & 0x0000FFFF);
1362 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1363 tmp = (v0 & 0x0000FFFF);
1364 stat.frame_count = ((tmp & 0xF000) >> 12);
1365 stat.rts_count = ((tmp & 0x0F00) >> 8);
1366 stat.supp_reason = ((tmp & 0x001C) >> 2);
1367 stat.pm_indicated = !!(tmp & 0x0080);
1368 stat.intermediate = !!(tmp & 0x0040);
1369 stat.for_ampdu = !!(tmp & 0x0020);
1370 stat.acked = !!(tmp & 0x0002);
1371
1372 b43_handle_txstatus(dev, &stat);
1373 }
1374}
1375
1376static void drain_txstatus_queue(struct b43_wldev *dev)
1377{
1378 u32 dummy;
1379
1380 if (dev->dev->core_rev < 5)
1381 return;
1382 /* Read all entries from the microcode TXstatus FIFO
1383 * and throw them away.
1384 */
1385 while (1) {
1386 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1387 if (!(dummy & 0x00000001))
1388 break;
1389 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1390 }
1391}
1392
1393static u32 b43_jssi_read(struct b43_wldev *dev)
1394{
1395 u32 val = 0;
1396
1397 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1398 val <<= 16;
1399 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1400
1401 return val;
1402}
1403
1404static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1405{
1406 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1407 (jssi & 0x0000FFFF));
1408 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1409 (jssi & 0xFFFF0000) >> 16);
1410}
1411
1412static void b43_generate_noise_sample(struct b43_wldev *dev)
1413{
1414 b43_jssi_write(dev, 0x7F7F7F7F);
1415 b43_write32(dev, B43_MMIO_MACCMD,
1416 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1417}
1418
1419static void b43_calculate_link_quality(struct b43_wldev *dev)
1420{
1421 /* Top half of Link Quality calculation. */
1422
1423 if (dev->phy.type != B43_PHYTYPE_G)
1424 return;
1425 if (dev->noisecalc.calculation_running)
1426 return;
1427 dev->noisecalc.calculation_running = true;
1428 dev->noisecalc.nr_samples = 0;
1429
1430 b43_generate_noise_sample(dev);
1431}
1432
1433static void handle_irq_noise(struct b43_wldev *dev)
1434{
1435 struct b43_phy_g *phy = dev->phy.g;
1436 u16 tmp;
1437 u8 noise[4];
1438 u8 i, j;
1439 s32 average;
1440
1441 /* Bottom half of Link Quality calculation. */
1442
1443 if (dev->phy.type != B43_PHYTYPE_G)
1444 return;
1445
1446 /* Possible race condition: It might be possible that the user
1447 * changed to a different channel in the meantime since we
1448 * started the calculation. We ignore that fact, since it's
1449 * not really that much of a problem. The background noise is
1450 * an estimation only anyway. Slightly wrong results will get damped
1451 * by the averaging of the 8 sample rounds. Additionally the
1452 * value is shortlived. So it will be replaced by the next noise
1453 * calculation round soon. */
1454
1455 B43_WARN_ON(!dev->noisecalc.calculation_running);
1456 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1457 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1458 noise[2] == 0x7F || noise[3] == 0x7F)
1459 goto generate_new;
1460
1461 /* Get the noise samples. */
1462 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1463 i = dev->noisecalc.nr_samples;
1464 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1465 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1466 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1467 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1468 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1469 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1470 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1471 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1472 dev->noisecalc.nr_samples++;
1473 if (dev->noisecalc.nr_samples == 8) {
1474 /* Calculate the Link Quality by the noise samples. */
1475 average = 0;
1476 for (i = 0; i < 8; i++) {
1477 for (j = 0; j < 4; j++)
1478 average += dev->noisecalc.samples[i][j];
1479 }
1480 average /= (8 * 4);
1481 average *= 125;
1482 average += 64;
1483 average /= 128;
1484 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1485 tmp = (tmp / 128) & 0x1F;
1486 if (tmp >= 8)
1487 average += 2;
1488 else
1489 average -= 25;
1490 if (tmp == 8)
1491 average -= 72;
1492 else
1493 average -= 48;
1494
1495 dev->stats.link_noise = average;
1496 dev->noisecalc.calculation_running = false;
1497 return;
1498 }
1499generate_new:
1500 b43_generate_noise_sample(dev);
1501}
1502
1503static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1504{
1505 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1506 ///TODO: PS TBTT
1507 } else {
1508 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1509 b43_power_saving_ctl_bits(dev, 0);
1510 }
1511 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1512 dev->dfq_valid = true;
1513}
1514
1515static void handle_irq_atim_end(struct b43_wldev *dev)
1516{
1517 if (dev->dfq_valid) {
1518 b43_write32(dev, B43_MMIO_MACCMD,
1519 b43_read32(dev, B43_MMIO_MACCMD)
1520 | B43_MACCMD_DFQ_VALID);
1521 dev->dfq_valid = false;
1522 }
1523}
1524
1525static void handle_irq_pmq(struct b43_wldev *dev)
1526{
1527 u32 tmp;
1528
1529 //TODO: AP mode.
1530
1531 while (1) {
1532 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1533 if (!(tmp & 0x00000008))
1534 break;
1535 }
1536 /* 16bit write is odd, but correct. */
1537 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1538}
1539
1540static void b43_write_template_common(struct b43_wldev *dev,
1541 const u8 *data, u16 size,
1542 u16 ram_offset,
1543 u16 shm_size_offset, u8 rate)
1544{
1545 u32 i, tmp;
1546 struct b43_plcp_hdr4 plcp;
1547
1548 plcp.data = 0;
1549 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1550 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1551 ram_offset += sizeof(u32);
1552 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1553 * So leave the first two bytes of the next write blank.
1554 */
1555 tmp = (u32) (data[0]) << 16;
1556 tmp |= (u32) (data[1]) << 24;
1557 b43_ram_write(dev, ram_offset, tmp);
1558 ram_offset += sizeof(u32);
1559 for (i = 2; i < size; i += sizeof(u32)) {
1560 tmp = (u32) (data[i + 0]);
1561 if (i + 1 < size)
1562 tmp |= (u32) (data[i + 1]) << 8;
1563 if (i + 2 < size)
1564 tmp |= (u32) (data[i + 2]) << 16;
1565 if (i + 3 < size)
1566 tmp |= (u32) (data[i + 3]) << 24;
1567 b43_ram_write(dev, ram_offset + i - 2, tmp);
1568 }
1569 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1570 size + sizeof(struct b43_plcp_hdr6));
1571}
1572
1573/* Check if the use of the antenna that ieee80211 told us to
1574 * use is possible. This will fall back to DEFAULT.
1575 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1576u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1577 u8 antenna_nr)
1578{
1579 u8 antenna_mask;
1580
1581 if (antenna_nr == 0) {
1582 /* Zero means "use default antenna". That's always OK. */
1583 return 0;
1584 }
1585
1586 /* Get the mask of available antennas. */
1587 if (dev->phy.gmode)
1588 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1589 else
1590 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1591
1592 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1593 /* This antenna is not available. Fall back to default. */
1594 return 0;
1595 }
1596
1597 return antenna_nr;
1598}
1599
1600/* Convert a b43 antenna number value to the PHY TX control value. */
1601static u16 b43_antenna_to_phyctl(int antenna)
1602{
1603 switch (antenna) {
1604 case B43_ANTENNA0:
1605 return B43_TXH_PHY_ANT0;
1606 case B43_ANTENNA1:
1607 return B43_TXH_PHY_ANT1;
1608 case B43_ANTENNA2:
1609 return B43_TXH_PHY_ANT2;
1610 case B43_ANTENNA3:
1611 return B43_TXH_PHY_ANT3;
1612 case B43_ANTENNA_AUTO0:
1613 case B43_ANTENNA_AUTO1:
1614 return B43_TXH_PHY_ANT01AUTO;
1615 }
1616 B43_WARN_ON(1);
1617 return 0;
1618}
1619
1620static void b43_write_beacon_template(struct b43_wldev *dev,
1621 u16 ram_offset,
1622 u16 shm_size_offset)
1623{
1624 unsigned int i, len, variable_len;
1625 const struct ieee80211_mgmt *bcn;
1626 const u8 *ie;
1627 bool tim_found = false;
1628 unsigned int rate;
1629 u16 ctl;
1630 int antenna;
1631 struct ieee80211_tx_info *info;
1632 unsigned long flags;
1633 struct sk_buff *beacon_skb;
1634
1635 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1636 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1637 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1638 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1639 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1640 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1641
1642 if (!beacon_skb) {
1643 b43dbg(dev->wl, "Could not upload beacon. "
1644 "Failed to clone beacon skb.");
1645 return;
1646 }
1647
1648 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1649 len = min_t(size_t, beacon_skb->len,
1650 0x200 - sizeof(struct b43_plcp_hdr6));
1651
1652 b43_write_template_common(dev, (const u8 *)bcn,
1653 len, ram_offset, shm_size_offset, rate);
1654
1655 /* Write the PHY TX control parameters. */
1656 antenna = B43_ANTENNA_DEFAULT;
1657 antenna = b43_antenna_to_phyctl(antenna);
1658 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1659 /* We can't send beacons with short preamble. Would get PHY errors. */
1660 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1661 ctl &= ~B43_TXH_PHY_ANT;
1662 ctl &= ~B43_TXH_PHY_ENC;
1663 ctl |= antenna;
1664 if (b43_is_cck_rate(rate))
1665 ctl |= B43_TXH_PHY_ENC_CCK;
1666 else
1667 ctl |= B43_TXH_PHY_ENC_OFDM;
1668 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1669
1670 /* Find the position of the TIM and the DTIM_period value
1671 * and write them to SHM. */
1672 ie = bcn->u.beacon.variable;
1673 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1674 for (i = 0; i < variable_len - 2; ) {
1675 uint8_t ie_id, ie_len;
1676
1677 ie_id = ie[i];
1678 ie_len = ie[i + 1];
1679 if (ie_id == 5) {
1680 u16 tim_position;
1681 u16 dtim_period;
1682 /* This is the TIM Information Element */
1683
1684 /* Check whether the ie_len is in the beacon data range. */
1685 if (variable_len < ie_len + 2 + i)
1686 break;
1687 /* A valid TIM is at least 4 bytes long. */
1688 if (ie_len < 4)
1689 break;
1690 tim_found = true;
1691
1692 tim_position = sizeof(struct b43_plcp_hdr6);
1693 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1694 tim_position += i;
1695
1696 dtim_period = ie[i + 3];
1697
1698 b43_shm_write16(dev, B43_SHM_SHARED,
1699 B43_SHM_SH_TIMBPOS, tim_position);
1700 b43_shm_write16(dev, B43_SHM_SHARED,
1701 B43_SHM_SH_DTIMPER, dtim_period);
1702 break;
1703 }
1704 i += ie_len + 2;
1705 }
1706 if (!tim_found) {
1707 /*
1708 * If ucode wants to modify TIM do it behind the beacon, this
1709 * will happen, for example, when doing mesh networking.
1710 */
1711 b43_shm_write16(dev, B43_SHM_SHARED,
1712 B43_SHM_SH_TIMBPOS,
1713 len + sizeof(struct b43_plcp_hdr6));
1714 b43_shm_write16(dev, B43_SHM_SHARED,
1715 B43_SHM_SH_DTIMPER, 0);
1716 }
1717 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1718
1719 dev_kfree_skb_any(beacon_skb);
1720}
1721
1722static void b43_upload_beacon0(struct b43_wldev *dev)
1723{
1724 struct b43_wl *wl = dev->wl;
1725
1726 if (wl->beacon0_uploaded)
1727 return;
1728 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1729 wl->beacon0_uploaded = true;
1730}
1731
1732static void b43_upload_beacon1(struct b43_wldev *dev)
1733{
1734 struct b43_wl *wl = dev->wl;
1735
1736 if (wl->beacon1_uploaded)
1737 return;
1738 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1739 wl->beacon1_uploaded = true;
1740}
1741
1742static void handle_irq_beacon(struct b43_wldev *dev)
1743{
1744 struct b43_wl *wl = dev->wl;
1745 u32 cmd, beacon0_valid, beacon1_valid;
1746
1747 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1748 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1749 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1750 return;
1751
1752 /* This is the bottom half of the asynchronous beacon update. */
1753
1754 /* Ignore interrupt in the future. */
1755 dev->irq_mask &= ~B43_IRQ_BEACON;
1756
1757 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1758 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1759 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1760
1761 /* Schedule interrupt manually, if busy. */
1762 if (beacon0_valid && beacon1_valid) {
1763 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1764 dev->irq_mask |= B43_IRQ_BEACON;
1765 return;
1766 }
1767
1768 if (unlikely(wl->beacon_templates_virgin)) {
1769 /* We never uploaded a beacon before.
1770 * Upload both templates now, but only mark one valid. */
1771 wl->beacon_templates_virgin = false;
1772 b43_upload_beacon0(dev);
1773 b43_upload_beacon1(dev);
1774 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1775 cmd |= B43_MACCMD_BEACON0_VALID;
1776 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1777 } else {
1778 if (!beacon0_valid) {
1779 b43_upload_beacon0(dev);
1780 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1781 cmd |= B43_MACCMD_BEACON0_VALID;
1782 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1783 } else if (!beacon1_valid) {
1784 b43_upload_beacon1(dev);
1785 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1786 cmd |= B43_MACCMD_BEACON1_VALID;
1787 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1788 }
1789 }
1790}
1791
1792static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1793{
1794 u32 old_irq_mask = dev->irq_mask;
1795
1796 /* update beacon right away or defer to irq */
1797 handle_irq_beacon(dev);
1798 if (old_irq_mask != dev->irq_mask) {
1799 /* The handler updated the IRQ mask. */
1800 B43_WARN_ON(!dev->irq_mask);
1801 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1802 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1803 } else {
1804 /* Device interrupts are currently disabled. That means
1805 * we just ran the hardirq handler and scheduled the
1806 * IRQ thread. The thread will write the IRQ mask when
1807 * it finished, so there's nothing to do here. Writing
1808 * the mask _here_ would incorrectly re-enable IRQs. */
1809 }
1810 }
1811}
1812
1813static void b43_beacon_update_trigger_work(struct work_struct *work)
1814{
1815 struct b43_wl *wl = container_of(work, struct b43_wl,
1816 beacon_update_trigger);
1817 struct b43_wldev *dev;
1818
1819 mutex_lock(&wl->mutex);
1820 dev = wl->current_dev;
1821 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1822 if (b43_bus_host_is_sdio(dev->dev)) {
1823 /* wl->mutex is enough. */
1824 b43_do_beacon_update_trigger_work(dev);
1825 mmiowb();
1826 } else {
1827 spin_lock_irq(&wl->hardirq_lock);
1828 b43_do_beacon_update_trigger_work(dev);
1829 mmiowb();
1830 spin_unlock_irq(&wl->hardirq_lock);
1831 }
1832 }
1833 mutex_unlock(&wl->mutex);
1834}
1835
1836/* Asynchronously update the packet templates in template RAM. */
1837static void b43_update_templates(struct b43_wl *wl)
1838{
1839 struct sk_buff *beacon, *old_beacon;
1840 unsigned long flags;
1841
1842 /* This is the top half of the asynchronous beacon update.
1843 * The bottom half is the beacon IRQ.
1844 * Beacon update must be asynchronous to avoid sending an
1845 * invalid beacon. This can happen for example, if the firmware
1846 * transmits a beacon while we are updating it. */
1847
1848 /* We could modify the existing beacon and set the aid bit in
1849 * the TIM field, but that would probably require resizing and
1850 * moving of data within the beacon template.
1851 * Simply request a new beacon and let mac80211 do the hard work. */
1852 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1853 if (unlikely(!beacon))
1854 return;
1855
1856 spin_lock_irqsave(&wl->beacon_lock, flags);
1857 old_beacon = wl->current_beacon;
1858 wl->current_beacon = beacon;
1859 wl->beacon0_uploaded = false;
1860 wl->beacon1_uploaded = false;
1861 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1862
1863 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1864
1865 if (old_beacon)
1866 dev_kfree_skb_any(old_beacon);
1867}
1868
1869static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1870{
1871 b43_time_lock(dev);
1872 if (dev->dev->core_rev >= 3) {
1873 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1874 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1875 } else {
1876 b43_write16(dev, 0x606, (beacon_int >> 6));
1877 b43_write16(dev, 0x610, beacon_int);
1878 }
1879 b43_time_unlock(dev);
1880 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1881}
1882
1883static void b43_handle_firmware_panic(struct b43_wldev *dev)
1884{
1885 u16 reason;
1886
1887 /* Read the register that contains the reason code for the panic. */
1888 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1889 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1890
1891 switch (reason) {
1892 default:
1893 b43dbg(dev->wl, "The panic reason is unknown.\n");
1894 /* fallthrough */
1895 case B43_FWPANIC_DIE:
1896 /* Do not restart the controller or firmware.
1897 * The device is nonfunctional from now on.
1898 * Restarting would result in this panic to trigger again,
1899 * so we avoid that recursion. */
1900 break;
1901 case B43_FWPANIC_RESTART:
1902 b43_controller_restart(dev, "Microcode panic");
1903 break;
1904 }
1905}
1906
1907static void handle_irq_ucode_debug(struct b43_wldev *dev)
1908{
1909 unsigned int i, cnt;
1910 u16 reason, marker_id, marker_line;
1911 __le16 *buf;
1912
1913 /* The proprietary firmware doesn't have this IRQ. */
1914 if (!dev->fw.opensource)
1915 return;
1916
1917 /* Read the register that contains the reason code for this IRQ. */
1918 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1919
1920 switch (reason) {
1921 case B43_DEBUGIRQ_PANIC:
1922 b43_handle_firmware_panic(dev);
1923 break;
1924 case B43_DEBUGIRQ_DUMP_SHM:
1925 if (!B43_DEBUG)
1926 break; /* Only with driver debugging enabled. */
1927 buf = kmalloc(4096, GFP_ATOMIC);
1928 if (!buf) {
1929 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1930 goto out;
1931 }
1932 for (i = 0; i < 4096; i += 2) {
1933 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1934 buf[i / 2] = cpu_to_le16(tmp);
1935 }
1936 b43info(dev->wl, "Shared memory dump:\n");
1937 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1938 16, 2, buf, 4096, 1);
1939 kfree(buf);
1940 break;
1941 case B43_DEBUGIRQ_DUMP_REGS:
1942 if (!B43_DEBUG)
1943 break; /* Only with driver debugging enabled. */
1944 b43info(dev->wl, "Microcode register dump:\n");
1945 for (i = 0, cnt = 0; i < 64; i++) {
1946 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1947 if (cnt == 0)
1948 printk(KERN_INFO);
1949 printk("r%02u: 0x%04X ", i, tmp);
1950 cnt++;
1951 if (cnt == 6) {
1952 printk("\n");
1953 cnt = 0;
1954 }
1955 }
1956 printk("\n");
1957 break;
1958 case B43_DEBUGIRQ_MARKER:
1959 if (!B43_DEBUG)
1960 break; /* Only with driver debugging enabled. */
1961 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1962 B43_MARKER_ID_REG);
1963 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1964 B43_MARKER_LINE_REG);
1965 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1966 "at line number %u\n",
1967 marker_id, marker_line);
1968 break;
1969 default:
1970 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1971 reason);
1972 }
1973out:
1974 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1975 b43_shm_write16(dev, B43_SHM_SCRATCH,
1976 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1977}
1978
1979static void b43_do_interrupt_thread(struct b43_wldev *dev)
1980{
1981 u32 reason;
1982 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1983 u32 merged_dma_reason = 0;
1984 int i;
1985
1986 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1987 return;
1988
1989 reason = dev->irq_reason;
1990 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1991 dma_reason[i] = dev->dma_reason[i];
1992 merged_dma_reason |= dma_reason[i];
1993 }
1994
1995 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1996 b43err(dev->wl, "MAC transmission error\n");
1997
1998 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1999 b43err(dev->wl, "PHY transmission error\n");
2000 rmb();
2001 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
2002 atomic_set(&dev->phy.txerr_cnt,
2003 B43_PHY_TX_BADNESS_LIMIT);
2004 b43err(dev->wl, "Too many PHY TX errors, "
2005 "restarting the controller\n");
2006 b43_controller_restart(dev, "PHY TX errors");
2007 }
2008 }
2009
2010 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2011 b43err(dev->wl,
2012 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2013 dma_reason[0], dma_reason[1],
2014 dma_reason[2], dma_reason[3],
2015 dma_reason[4], dma_reason[5]);
2016 b43err(dev->wl, "This device does not support DMA "
2017 "on your system. It will now be switched to PIO.\n");
2018 /* Fall back to PIO transfers if we get fatal DMA errors! */
2019 dev->use_pio = true;
2020 b43_controller_restart(dev, "DMA error");
2021 return;
2022 }
2023
2024 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2025 handle_irq_ucode_debug(dev);
2026 if (reason & B43_IRQ_TBTT_INDI)
2027 handle_irq_tbtt_indication(dev);
2028 if (reason & B43_IRQ_ATIM_END)
2029 handle_irq_atim_end(dev);
2030 if (reason & B43_IRQ_BEACON)
2031 handle_irq_beacon(dev);
2032 if (reason & B43_IRQ_PMQ)
2033 handle_irq_pmq(dev);
2034 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2035 ;/* TODO */
2036 if (reason & B43_IRQ_NOISESAMPLE_OK)
2037 handle_irq_noise(dev);
2038
2039 /* Check the DMA reason registers for received data. */
2040 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2041 if (B43_DEBUG)
2042 b43warn(dev->wl, "RX descriptor underrun\n");
2043 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2044 }
2045 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2046 if (b43_using_pio_transfers(dev))
2047 b43_pio_rx(dev->pio.rx_queue);
2048 else
2049 b43_dma_rx(dev->dma.rx_ring);
2050 }
2051 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2052 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2053 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2054 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2055 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2056
2057 if (reason & B43_IRQ_TX_OK)
2058 handle_irq_transmit_status(dev);
2059
2060 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2061 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2062
2063#if B43_DEBUG
2064 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2065 dev->irq_count++;
2066 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2067 if (reason & (1 << i))
2068 dev->irq_bit_count[i]++;
2069 }
2070 }
2071#endif
2072}
2073
2074/* Interrupt thread handler. Handles device interrupts in thread context. */
2075static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2076{
2077 struct b43_wldev *dev = dev_id;
2078
2079 mutex_lock(&dev->wl->mutex);
2080 b43_do_interrupt_thread(dev);
2081 mmiowb();
2082 mutex_unlock(&dev->wl->mutex);
2083
2084 return IRQ_HANDLED;
2085}
2086
2087static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2088{
2089 u32 reason;
2090
2091 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2092 * On SDIO, this runs under wl->mutex. */
2093
2094 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2095 if (reason == 0xffffffff) /* shared IRQ */
2096 return IRQ_NONE;
2097 reason &= dev->irq_mask;
2098 if (!reason)
2099 return IRQ_NONE;
2100
2101 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2102 & 0x0001FC00;
2103 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2104 & 0x0000DC00;
2105 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2106 & 0x0000DC00;
2107 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2108 & 0x0001DC00;
2109 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2110 & 0x0000DC00;
2111/* Unused ring
2112 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2113 & 0x0000DC00;
2114*/
2115
2116 /* ACK the interrupt. */
2117 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2118 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2119 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2120 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2121 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2122 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2123/* Unused ring
2124 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2125*/
2126
2127 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2128 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2129 /* Save the reason bitmasks for the IRQ thread handler. */
2130 dev->irq_reason = reason;
2131
2132 return IRQ_WAKE_THREAD;
2133}
2134
2135/* Interrupt handler top-half. This runs with interrupts disabled. */
2136static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2137{
2138 struct b43_wldev *dev = dev_id;
2139 irqreturn_t ret;
2140
2141 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2142 return IRQ_NONE;
2143
2144 spin_lock(&dev->wl->hardirq_lock);
2145 ret = b43_do_interrupt(dev);
2146 mmiowb();
2147 spin_unlock(&dev->wl->hardirq_lock);
2148
2149 return ret;
2150}
2151
2152/* SDIO interrupt handler. This runs in process context. */
2153static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2154{
2155 struct b43_wl *wl = dev->wl;
2156 irqreturn_t ret;
2157
2158 mutex_lock(&wl->mutex);
2159
2160 ret = b43_do_interrupt(dev);
2161 if (ret == IRQ_WAKE_THREAD)
2162 b43_do_interrupt_thread(dev);
2163
2164 mutex_unlock(&wl->mutex);
2165}
2166
2167void b43_do_release_fw(struct b43_firmware_file *fw)
2168{
2169 release_firmware(fw->data);
2170 fw->data = NULL;
2171 fw->filename = NULL;
2172}
2173
2174static void b43_release_firmware(struct b43_wldev *dev)
2175{
2176 complete(&dev->fw_load_complete);
2177 b43_do_release_fw(&dev->fw.ucode);
2178 b43_do_release_fw(&dev->fw.pcm);
2179 b43_do_release_fw(&dev->fw.initvals);
2180 b43_do_release_fw(&dev->fw.initvals_band);
2181}
2182
2183static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2184{
2185 const char text[] =
2186 "You must go to " \
2187 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2188 "and download the correct firmware for this driver version. " \
2189 "Please carefully read all instructions on this website.\n";
2190
2191 if (error)
2192 b43err(wl, text);
2193 else
2194 b43warn(wl, text);
2195}
2196
2197static void b43_fw_cb(const struct firmware *firmware, void *context)
2198{
2199 struct b43_request_fw_context *ctx = context;
2200
2201 ctx->blob = firmware;
2202 complete(&ctx->dev->fw_load_complete);
2203}
2204
2205int b43_do_request_fw(struct b43_request_fw_context *ctx,
2206 const char *name,
2207 struct b43_firmware_file *fw, bool async)
2208{
2209 struct b43_fw_header *hdr;
2210 u32 size;
2211 int err;
2212
2213 if (!name) {
2214 /* Don't fetch anything. Free possibly cached firmware. */
2215 /* FIXME: We should probably keep it anyway, to save some headache
2216 * on suspend/resume with multiband devices. */
2217 b43_do_release_fw(fw);
2218 return 0;
2219 }
2220 if (fw->filename) {
2221 if ((fw->type == ctx->req_type) &&
2222 (strcmp(fw->filename, name) == 0))
2223 return 0; /* Already have this fw. */
2224 /* Free the cached firmware first. */
2225 /* FIXME: We should probably do this later after we successfully
2226 * got the new fw. This could reduce headache with multiband devices.
2227 * We could also redesign this to cache the firmware for all possible
2228 * bands all the time. */
2229 b43_do_release_fw(fw);
2230 }
2231
2232 switch (ctx->req_type) {
2233 case B43_FWTYPE_PROPRIETARY:
2234 snprintf(ctx->fwname, sizeof(ctx->fwname),
2235 "b43%s/%s.fw",
2236 modparam_fwpostfix, name);
2237 break;
2238 case B43_FWTYPE_OPENSOURCE:
2239 snprintf(ctx->fwname, sizeof(ctx->fwname),
2240 "b43-open%s/%s.fw",
2241 modparam_fwpostfix, name);
2242 break;
2243 default:
2244 B43_WARN_ON(1);
2245 return -ENOSYS;
2246 }
2247 if (async) {
2248 /* do this part asynchronously */
2249 init_completion(&ctx->dev->fw_load_complete);
2250 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2251 ctx->dev->dev->dev, GFP_KERNEL,
2252 ctx, b43_fw_cb);
2253 if (err < 0) {
2254 pr_err("Unable to load firmware\n");
2255 return err;
2256 }
2257 wait_for_completion(&ctx->dev->fw_load_complete);
2258 if (ctx->blob)
2259 goto fw_ready;
2260 /* On some ARM systems, the async request will fail, but the next sync
2261 * request works. For this reason, we fall through here
2262 */
2263 }
2264 err = request_firmware(&ctx->blob, ctx->fwname,
2265 ctx->dev->dev->dev);
2266 if (err == -ENOENT) {
2267 snprintf(ctx->errors[ctx->req_type],
2268 sizeof(ctx->errors[ctx->req_type]),
2269 "Firmware file \"%s\" not found\n",
2270 ctx->fwname);
2271 return err;
2272 } else if (err) {
2273 snprintf(ctx->errors[ctx->req_type],
2274 sizeof(ctx->errors[ctx->req_type]),
2275 "Firmware file \"%s\" request failed (err=%d)\n",
2276 ctx->fwname, err);
2277 return err;
2278 }
2279fw_ready:
2280 if (ctx->blob->size < sizeof(struct b43_fw_header))
2281 goto err_format;
2282 hdr = (struct b43_fw_header *)(ctx->blob->data);
2283 switch (hdr->type) {
2284 case B43_FW_TYPE_UCODE:
2285 case B43_FW_TYPE_PCM:
2286 size = be32_to_cpu(hdr->size);
2287 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2288 goto err_format;
2289 /* fallthrough */
2290 case B43_FW_TYPE_IV:
2291 if (hdr->ver != 1)
2292 goto err_format;
2293 break;
2294 default:
2295 goto err_format;
2296 }
2297
2298 fw->data = ctx->blob;
2299 fw->filename = name;
2300 fw->type = ctx->req_type;
2301
2302 return 0;
2303
2304err_format:
2305 snprintf(ctx->errors[ctx->req_type],
2306 sizeof(ctx->errors[ctx->req_type]),
2307 "Firmware file \"%s\" format error.\n", ctx->fwname);
2308 release_firmware(ctx->blob);
2309
2310 return -EPROTO;
2311}
2312
2313/* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2314static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2315{
2316 struct b43_wldev *dev = ctx->dev;
2317 struct b43_firmware *fw = &ctx->dev->fw;
2318 struct b43_phy *phy = &dev->phy;
2319 const u8 rev = ctx->dev->dev->core_rev;
2320 const char *filename;
2321 int err;
2322
2323 /* Get microcode */
2324 filename = NULL;
2325 switch (rev) {
2326 case 42:
2327 if (phy->type == B43_PHYTYPE_AC)
2328 filename = "ucode42";
2329 break;
2330 case 40:
2331 if (phy->type == B43_PHYTYPE_AC)
2332 filename = "ucode40";
2333 break;
2334 case 33:
2335 if (phy->type == B43_PHYTYPE_LCN40)
2336 filename = "ucode33_lcn40";
2337 break;
2338 case 30:
2339 if (phy->type == B43_PHYTYPE_N)
2340 filename = "ucode30_mimo";
2341 break;
2342 case 29:
2343 if (phy->type == B43_PHYTYPE_HT)
2344 filename = "ucode29_mimo";
2345 break;
2346 case 26:
2347 if (phy->type == B43_PHYTYPE_HT)
2348 filename = "ucode26_mimo";
2349 break;
2350 case 28:
2351 case 25:
2352 if (phy->type == B43_PHYTYPE_N)
2353 filename = "ucode25_mimo";
2354 else if (phy->type == B43_PHYTYPE_LCN)
2355 filename = "ucode25_lcn";
2356 break;
2357 case 24:
2358 if (phy->type == B43_PHYTYPE_LCN)
2359 filename = "ucode24_lcn";
2360 break;
2361 case 23:
2362 if (phy->type == B43_PHYTYPE_N)
2363 filename = "ucode16_mimo";
2364 break;
2365 case 16 ... 19:
2366 if (phy->type == B43_PHYTYPE_N)
2367 filename = "ucode16_mimo";
2368 else if (phy->type == B43_PHYTYPE_LP)
2369 filename = "ucode16_lp";
2370 break;
2371 case 15:
2372 filename = "ucode15";
2373 break;
2374 case 14:
2375 filename = "ucode14";
2376 break;
2377 case 13:
2378 filename = "ucode13";
2379 break;
2380 case 11 ... 12:
2381 filename = "ucode11";
2382 break;
2383 case 5 ... 10:
2384 filename = "ucode5";
2385 break;
2386 }
2387 if (!filename)
2388 goto err_no_ucode;
2389 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2390 if (err)
2391 goto err_load;
2392
2393 /* Get PCM code */
2394 if ((rev >= 5) && (rev <= 10))
2395 filename = "pcm5";
2396 else if (rev >= 11)
2397 filename = NULL;
2398 else
2399 goto err_no_pcm;
2400 fw->pcm_request_failed = false;
2401 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2402 if (err == -ENOENT) {
2403 /* We did not find a PCM file? Not fatal, but
2404 * core rev <= 10 must do without hwcrypto then. */
2405 fw->pcm_request_failed = true;
2406 } else if (err)
2407 goto err_load;
2408
2409 /* Get initvals */
2410 filename = NULL;
2411 switch (dev->phy.type) {
2412 case B43_PHYTYPE_G:
2413 if (rev == 13)
2414 filename = "b0g0initvals13";
2415 else if (rev >= 5 && rev <= 10)
2416 filename = "b0g0initvals5";
2417 break;
2418 case B43_PHYTYPE_N:
2419 if (rev == 30)
2420 filename = "n16initvals30";
2421 else if (rev == 28 || rev == 25)
2422 filename = "n0initvals25";
2423 else if (rev == 24)
2424 filename = "n0initvals24";
2425 else if (rev == 23)
2426 filename = "n0initvals16"; /* What about n0initvals22? */
2427 else if (rev >= 16 && rev <= 18)
2428 filename = "n0initvals16";
2429 else if (rev >= 11 && rev <= 12)
2430 filename = "n0initvals11";
2431 break;
2432 case B43_PHYTYPE_LP:
2433 if (rev >= 16 && rev <= 18)
2434 filename = "lp0initvals16";
2435 else if (rev == 15)
2436 filename = "lp0initvals15";
2437 else if (rev == 14)
2438 filename = "lp0initvals14";
2439 else if (rev == 13)
2440 filename = "lp0initvals13";
2441 break;
2442 case B43_PHYTYPE_HT:
2443 if (rev == 29)
2444 filename = "ht0initvals29";
2445 else if (rev == 26)
2446 filename = "ht0initvals26";
2447 break;
2448 case B43_PHYTYPE_LCN:
2449 if (rev == 24)
2450 filename = "lcn0initvals24";
2451 break;
2452 case B43_PHYTYPE_LCN40:
2453 if (rev == 33)
2454 filename = "lcn400initvals33";
2455 break;
2456 case B43_PHYTYPE_AC:
2457 if (rev == 42)
2458 filename = "ac1initvals42";
2459 else if (rev == 40)
2460 filename = "ac0initvals40";
2461 break;
2462 }
2463 if (!filename)
2464 goto err_no_initvals;
2465 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2466 if (err)
2467 goto err_load;
2468
2469 /* Get bandswitch initvals */
2470 filename = NULL;
2471 switch (dev->phy.type) {
2472 case B43_PHYTYPE_G:
2473 if (rev == 13)
2474 filename = "b0g0bsinitvals13";
2475 else if (rev >= 5 && rev <= 10)
2476 filename = "b0g0bsinitvals5";
2477 break;
2478 case B43_PHYTYPE_N:
2479 if (rev == 30)
2480 filename = "n16bsinitvals30";
2481 else if (rev == 28 || rev == 25)
2482 filename = "n0bsinitvals25";
2483 else if (rev == 24)
2484 filename = "n0bsinitvals24";
2485 else if (rev == 23)
2486 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2487 else if (rev >= 16 && rev <= 18)
2488 filename = "n0bsinitvals16";
2489 else if (rev >= 11 && rev <= 12)
2490 filename = "n0bsinitvals11";
2491 break;
2492 case B43_PHYTYPE_LP:
2493 if (rev >= 16 && rev <= 18)
2494 filename = "lp0bsinitvals16";
2495 else if (rev == 15)
2496 filename = "lp0bsinitvals15";
2497 else if (rev == 14)
2498 filename = "lp0bsinitvals14";
2499 else if (rev == 13)
2500 filename = "lp0bsinitvals13";
2501 break;
2502 case B43_PHYTYPE_HT:
2503 if (rev == 29)
2504 filename = "ht0bsinitvals29";
2505 else if (rev == 26)
2506 filename = "ht0bsinitvals26";
2507 break;
2508 case B43_PHYTYPE_LCN:
2509 if (rev == 24)
2510 filename = "lcn0bsinitvals24";
2511 break;
2512 case B43_PHYTYPE_LCN40:
2513 if (rev == 33)
2514 filename = "lcn400bsinitvals33";
2515 break;
2516 case B43_PHYTYPE_AC:
2517 if (rev == 42)
2518 filename = "ac1bsinitvals42";
2519 else if (rev == 40)
2520 filename = "ac0bsinitvals40";
2521 break;
2522 }
2523 if (!filename)
2524 goto err_no_initvals;
2525 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2526 if (err)
2527 goto err_load;
2528
2529 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2530
2531 return 0;
2532
2533err_no_ucode:
2534 err = ctx->fatal_failure = -EOPNOTSUPP;
2535 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2536 "is required for your device (wl-core rev %u)\n", rev);
2537 goto error;
2538
2539err_no_pcm:
2540 err = ctx->fatal_failure = -EOPNOTSUPP;
2541 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2542 "is required for your device (wl-core rev %u)\n", rev);
2543 goto error;
2544
2545err_no_initvals:
2546 err = ctx->fatal_failure = -EOPNOTSUPP;
2547 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2548 "is required for your device (wl-core rev %u)\n", rev);
2549 goto error;
2550
2551err_load:
2552 /* We failed to load this firmware image. The error message
2553 * already is in ctx->errors. Return and let our caller decide
2554 * what to do. */
2555 goto error;
2556
2557error:
2558 b43_release_firmware(dev);
2559 return err;
2560}
2561
2562static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2563static void b43_one_core_detach(struct b43_bus_dev *dev);
2564static int b43_rng_init(struct b43_wl *wl);
2565
2566static void b43_request_firmware(struct work_struct *work)
2567{
2568 struct b43_wl *wl = container_of(work,
2569 struct b43_wl, firmware_load);
2570 struct b43_wldev *dev = wl->current_dev;
2571 struct b43_request_fw_context *ctx;
2572 unsigned int i;
2573 int err;
2574 const char *errmsg;
2575
2576 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2577 if (!ctx)
2578 return;
2579 ctx->dev = dev;
2580
2581 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2582 err = b43_try_request_fw(ctx);
2583 if (!err)
2584 goto start_ieee80211; /* Successfully loaded it. */
2585 /* Was fw version known? */
2586 if (ctx->fatal_failure)
2587 goto out;
2588
2589 /* proprietary fw not found, try open source */
2590 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2591 err = b43_try_request_fw(ctx);
2592 if (!err)
2593 goto start_ieee80211; /* Successfully loaded it. */
2594 if(ctx->fatal_failure)
2595 goto out;
2596
2597 /* Could not find a usable firmware. Print the errors. */
2598 for (i = 0; i < B43_NR_FWTYPES; i++) {
2599 errmsg = ctx->errors[i];
2600 if (strlen(errmsg))
2601 b43err(dev->wl, "%s", errmsg);
2602 }
2603 b43_print_fw_helptext(dev->wl, 1);
2604 goto out;
2605
2606start_ieee80211:
2607 wl->hw->queues = B43_QOS_QUEUE_NUM;
2608 if (!modparam_qos || dev->fw.opensource)
2609 wl->hw->queues = 1;
2610
2611 err = ieee80211_register_hw(wl->hw);
2612 if (err)
2613 goto err_one_core_detach;
2614 wl->hw_registred = true;
2615 b43_leds_register(wl->current_dev);
2616
2617 /* Register HW RNG driver */
2618 b43_rng_init(wl);
2619
2620 goto out;
2621
2622err_one_core_detach:
2623 b43_one_core_detach(dev->dev);
2624
2625out:
2626 kfree(ctx);
2627}
2628
2629static int b43_upload_microcode(struct b43_wldev *dev)
2630{
2631 struct wiphy *wiphy = dev->wl->hw->wiphy;
2632 const size_t hdr_len = sizeof(struct b43_fw_header);
2633 const __be32 *data;
2634 unsigned int i, len;
2635 u16 fwrev, fwpatch, fwdate, fwtime;
2636 u32 tmp, macctl;
2637 int err = 0;
2638
2639 /* Jump the microcode PSM to offset 0 */
2640 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2641 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2642 macctl |= B43_MACCTL_PSM_JMP0;
2643 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2644 /* Zero out all microcode PSM registers and shared memory. */
2645 for (i = 0; i < 64; i++)
2646 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2647 for (i = 0; i < 4096; i += 2)
2648 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2649
2650 /* Upload Microcode. */
2651 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2652 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2653 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2654 for (i = 0; i < len; i++) {
2655 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2656 udelay(10);
2657 }
2658
2659 if (dev->fw.pcm.data) {
2660 /* Upload PCM data. */
2661 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2662 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2663 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2664 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2665 /* No need for autoinc bit in SHM_HW */
2666 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2667 for (i = 0; i < len; i++) {
2668 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2669 udelay(10);
2670 }
2671 }
2672
2673 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2674
2675 /* Start the microcode PSM */
2676 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2677 B43_MACCTL_PSM_RUN);
2678
2679 /* Wait for the microcode to load and respond */
2680 i = 0;
2681 while (1) {
2682 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2683 if (tmp == B43_IRQ_MAC_SUSPENDED)
2684 break;
2685 i++;
2686 if (i >= 20) {
2687 b43err(dev->wl, "Microcode not responding\n");
2688 b43_print_fw_helptext(dev->wl, 1);
2689 err = -ENODEV;
2690 goto error;
2691 }
2692 msleep(50);
2693 }
2694 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2695
2696 /* Get and check the revisions. */
2697 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2698 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2699 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2700 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2701
2702 if (fwrev <= 0x128) {
2703 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2704 "binary drivers older than version 4.x is unsupported. "
2705 "You must upgrade your firmware files.\n");
2706 b43_print_fw_helptext(dev->wl, 1);
2707 err = -EOPNOTSUPP;
2708 goto error;
2709 }
2710 dev->fw.rev = fwrev;
2711 dev->fw.patch = fwpatch;
2712 if (dev->fw.rev >= 598)
2713 dev->fw.hdr_format = B43_FW_HDR_598;
2714 else if (dev->fw.rev >= 410)
2715 dev->fw.hdr_format = B43_FW_HDR_410;
2716 else
2717 dev->fw.hdr_format = B43_FW_HDR_351;
2718 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2719
2720 dev->qos_enabled = dev->wl->hw->queues > 1;
2721 /* Default to firmware/hardware crypto acceleration. */
2722 dev->hwcrypto_enabled = true;
2723
2724 if (dev->fw.opensource) {
2725 u16 fwcapa;
2726
2727 /* Patchlevel info is encoded in the "time" field. */
2728 dev->fw.patch = fwtime;
2729 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2730 dev->fw.rev, dev->fw.patch);
2731
2732 fwcapa = b43_fwcapa_read(dev);
2733 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2734 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2735 /* Disable hardware crypto and fall back to software crypto. */
2736 dev->hwcrypto_enabled = false;
2737 }
2738 /* adding QoS support should use an offline discovery mechanism */
2739 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2740 } else {
2741 b43info(dev->wl, "Loading firmware version %u.%u "
2742 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2743 fwrev, fwpatch,
2744 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2745 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2746 if (dev->fw.pcm_request_failed) {
2747 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2748 "Hardware accelerated cryptography is disabled.\n");
2749 b43_print_fw_helptext(dev->wl, 0);
2750 }
2751 }
2752
2753 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2754 dev->fw.rev, dev->fw.patch);
2755 wiphy->hw_version = dev->dev->core_id;
2756
2757 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2758 /* We're over the deadline, but we keep support for old fw
2759 * until it turns out to be in major conflict with something new. */
2760 b43warn(dev->wl, "You are using an old firmware image. "
2761 "Support for old firmware will be removed soon "
2762 "(official deadline was July 2008).\n");
2763 b43_print_fw_helptext(dev->wl, 0);
2764 }
2765
2766 return 0;
2767
2768error:
2769 /* Stop the microcode PSM. */
2770 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2771 B43_MACCTL_PSM_JMP0);
2772
2773 return err;
2774}
2775
2776static int b43_write_initvals(struct b43_wldev *dev,
2777 const struct b43_iv *ivals,
2778 size_t count,
2779 size_t array_size)
2780{
2781 const struct b43_iv *iv;
2782 u16 offset;
2783 size_t i;
2784 bool bit32;
2785
2786 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2787 iv = ivals;
2788 for (i = 0; i < count; i++) {
2789 if (array_size < sizeof(iv->offset_size))
2790 goto err_format;
2791 array_size -= sizeof(iv->offset_size);
2792 offset = be16_to_cpu(iv->offset_size);
2793 bit32 = !!(offset & B43_IV_32BIT);
2794 offset &= B43_IV_OFFSET_MASK;
2795 if (offset >= 0x1000)
2796 goto err_format;
2797 if (bit32) {
2798 u32 value;
2799
2800 if (array_size < sizeof(iv->data.d32))
2801 goto err_format;
2802 array_size -= sizeof(iv->data.d32);
2803
2804 value = get_unaligned_be32(&iv->data.d32);
2805 b43_write32(dev, offset, value);
2806
2807 iv = (const struct b43_iv *)((const uint8_t *)iv +
2808 sizeof(__be16) +
2809 sizeof(__be32));
2810 } else {
2811 u16 value;
2812
2813 if (array_size < sizeof(iv->data.d16))
2814 goto err_format;
2815 array_size -= sizeof(iv->data.d16);
2816
2817 value = be16_to_cpu(iv->data.d16);
2818 b43_write16(dev, offset, value);
2819
2820 iv = (const struct b43_iv *)((const uint8_t *)iv +
2821 sizeof(__be16) +
2822 sizeof(__be16));
2823 }
2824 }
2825 if (array_size)
2826 goto err_format;
2827
2828 return 0;
2829
2830err_format:
2831 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2832 b43_print_fw_helptext(dev->wl, 1);
2833
2834 return -EPROTO;
2835}
2836
2837static int b43_upload_initvals(struct b43_wldev *dev)
2838{
2839 const size_t hdr_len = sizeof(struct b43_fw_header);
2840 const struct b43_fw_header *hdr;
2841 struct b43_firmware *fw = &dev->fw;
2842 const struct b43_iv *ivals;
2843 size_t count;
2844
2845 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2846 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2847 count = be32_to_cpu(hdr->size);
2848 return b43_write_initvals(dev, ivals, count,
2849 fw->initvals.data->size - hdr_len);
2850}
2851
2852static int b43_upload_initvals_band(struct b43_wldev *dev)
2853{
2854 const size_t hdr_len = sizeof(struct b43_fw_header);
2855 const struct b43_fw_header *hdr;
2856 struct b43_firmware *fw = &dev->fw;
2857 const struct b43_iv *ivals;
2858 size_t count;
2859
2860 if (!fw->initvals_band.data)
2861 return 0;
2862
2863 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2864 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2865 count = be32_to_cpu(hdr->size);
2866 return b43_write_initvals(dev, ivals, count,
2867 fw->initvals_band.data->size - hdr_len);
2868}
2869
2870/* Initialize the GPIOs
2871 * http://bcm-specs.sipsolutions.net/GPIO
2872 */
2873
2874#ifdef CONFIG_B43_SSB
2875static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2876{
2877 struct ssb_bus *bus = dev->dev->sdev->bus;
2878
2879#ifdef CONFIG_SSB_DRIVER_PCICORE
2880 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2881#else
2882 return bus->chipco.dev;
2883#endif
2884}
2885#endif
2886
2887static int b43_gpio_init(struct b43_wldev *dev)
2888{
2889#ifdef CONFIG_B43_SSB
2890 struct ssb_device *gpiodev;
2891#endif
2892 u32 mask, set;
2893
2894 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2895 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2896
2897 mask = 0x0000001F;
2898 set = 0x0000000F;
2899 if (dev->dev->chip_id == 0x4301) {
2900 mask |= 0x0060;
2901 set |= 0x0060;
2902 } else if (dev->dev->chip_id == 0x5354) {
2903 /* Don't allow overtaking buttons GPIOs */
2904 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2905 }
2906
2907 if (0 /* FIXME: conditional unknown */ ) {
2908 b43_write16(dev, B43_MMIO_GPIO_MASK,
2909 b43_read16(dev, B43_MMIO_GPIO_MASK)
2910 | 0x0100);
2911 /* BT Coexistance Input */
2912 mask |= 0x0080;
2913 set |= 0x0080;
2914 /* BT Coexistance Out */
2915 mask |= 0x0100;
2916 set |= 0x0100;
2917 }
2918 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2919 /* PA is controlled by gpio 9, let ucode handle it */
2920 b43_write16(dev, B43_MMIO_GPIO_MASK,
2921 b43_read16(dev, B43_MMIO_GPIO_MASK)
2922 | 0x0200);
2923 mask |= 0x0200;
2924 set |= 0x0200;
2925 }
2926
2927 switch (dev->dev->bus_type) {
2928#ifdef CONFIG_B43_BCMA
2929 case B43_BUS_BCMA:
2930 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2931 break;
2932#endif
2933#ifdef CONFIG_B43_SSB
2934 case B43_BUS_SSB:
2935 gpiodev = b43_ssb_gpio_dev(dev);
2936 if (gpiodev)
2937 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2938 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2939 & ~mask) | set);
2940 break;
2941#endif
2942 }
2943
2944 return 0;
2945}
2946
2947/* Turn off all GPIO stuff. Call this on module unload, for example. */
2948static void b43_gpio_cleanup(struct b43_wldev *dev)
2949{
2950#ifdef CONFIG_B43_SSB
2951 struct ssb_device *gpiodev;
2952#endif
2953
2954 switch (dev->dev->bus_type) {
2955#ifdef CONFIG_B43_BCMA
2956 case B43_BUS_BCMA:
2957 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2958 break;
2959#endif
2960#ifdef CONFIG_B43_SSB
2961 case B43_BUS_SSB:
2962 gpiodev = b43_ssb_gpio_dev(dev);
2963 if (gpiodev)
2964 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2965 break;
2966#endif
2967 }
2968}
2969
2970/* http://bcm-specs.sipsolutions.net/EnableMac */
2971void b43_mac_enable(struct b43_wldev *dev)
2972{
2973 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2974 u16 fwstate;
2975
2976 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2977 B43_SHM_SH_UCODESTAT);
2978 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2979 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2980 b43err(dev->wl, "b43_mac_enable(): The firmware "
2981 "should be suspended, but current state is %u\n",
2982 fwstate);
2983 }
2984 }
2985
2986 dev->mac_suspended--;
2987 B43_WARN_ON(dev->mac_suspended < 0);
2988 if (dev->mac_suspended == 0) {
2989 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2990 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2991 B43_IRQ_MAC_SUSPENDED);
2992 /* Commit writes */
2993 b43_read32(dev, B43_MMIO_MACCTL);
2994 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2995 b43_power_saving_ctl_bits(dev, 0);
2996 }
2997}
2998
2999/* http://bcm-specs.sipsolutions.net/SuspendMAC */
3000void b43_mac_suspend(struct b43_wldev *dev)
3001{
3002 int i;
3003 u32 tmp;
3004
3005 might_sleep();
3006 B43_WARN_ON(dev->mac_suspended < 0);
3007
3008 if (dev->mac_suspended == 0) {
3009 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3010 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3011 /* force pci to flush the write */
3012 b43_read32(dev, B43_MMIO_MACCTL);
3013 for (i = 35; i; i--) {
3014 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3015 if (tmp & B43_IRQ_MAC_SUSPENDED)
3016 goto out;
3017 udelay(10);
3018 }
3019 /* Hm, it seems this will take some time. Use msleep(). */
3020 for (i = 40; i; i--) {
3021 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3022 if (tmp & B43_IRQ_MAC_SUSPENDED)
3023 goto out;
3024 msleep(1);
3025 }
3026 b43err(dev->wl, "MAC suspend failed\n");
3027 }
3028out:
3029 dev->mac_suspended++;
3030}
3031
3032/* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3033void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3034{
3035 u32 tmp;
3036
3037 switch (dev->dev->bus_type) {
3038#ifdef CONFIG_B43_BCMA
3039 case B43_BUS_BCMA:
3040 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3041 if (on)
3042 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3043 else
3044 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3045 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3046 break;
3047#endif
3048#ifdef CONFIG_B43_SSB
3049 case B43_BUS_SSB:
3050 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3051 if (on)
3052 tmp |= B43_TMSLOW_MACPHYCLKEN;
3053 else
3054 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3055 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3056 break;
3057#endif
3058 }
3059}
3060
3061/* brcms_b_switch_macfreq */
3062void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3063{
3064 u16 chip_id = dev->dev->chip_id;
3065
3066 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3067 switch (spurmode) {
3068 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3069 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3070 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3071 break;
3072 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3073 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3074 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3075 break;
3076 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3077 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3078 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3079 break;
3080 }
3081 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3082 chip_id == BCMA_CHIP_ID_BCM43217 ||
3083 chip_id == BCMA_CHIP_ID_BCM43222 ||
3084 chip_id == BCMA_CHIP_ID_BCM43224 ||
3085 chip_id == BCMA_CHIP_ID_BCM43225 ||
3086 chip_id == BCMA_CHIP_ID_BCM43227 ||
3087 chip_id == BCMA_CHIP_ID_BCM43228) {
3088 switch (spurmode) {
3089 case 2: /* 126 Mhz */
3090 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3091 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3092 break;
3093 case 1: /* 123 Mhz */
3094 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3095 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3096 break;
3097 default: /* 120 Mhz */
3098 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3099 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3100 break;
3101 }
3102 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3103 switch (spurmode) {
3104 case 1: /* 82 Mhz */
3105 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3106 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3107 break;
3108 default: /* 80 Mhz */
3109 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3110 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3111 break;
3112 }
3113 }
3114}
3115
3116static void b43_adjust_opmode(struct b43_wldev *dev)
3117{
3118 struct b43_wl *wl = dev->wl;
3119 u32 ctl;
3120 u16 cfp_pretbtt;
3121
3122 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3123 /* Reset status to STA infrastructure mode. */
3124 ctl &= ~B43_MACCTL_AP;
3125 ctl &= ~B43_MACCTL_KEEP_CTL;
3126 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3127 ctl &= ~B43_MACCTL_KEEP_BAD;
3128 ctl &= ~B43_MACCTL_PROMISC;
3129 ctl &= ~B43_MACCTL_BEACPROMISC;
3130 ctl |= B43_MACCTL_INFRA;
3131
3132 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3133 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3134 ctl |= B43_MACCTL_AP;
3135 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3136 ctl &= ~B43_MACCTL_INFRA;
3137
3138 if (wl->filter_flags & FIF_CONTROL)
3139 ctl |= B43_MACCTL_KEEP_CTL;
3140 if (wl->filter_flags & FIF_FCSFAIL)
3141 ctl |= B43_MACCTL_KEEP_BAD;
3142 if (wl->filter_flags & FIF_PLCPFAIL)
3143 ctl |= B43_MACCTL_KEEP_BADPLCP;
3144 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3145 ctl |= B43_MACCTL_BEACPROMISC;
3146
3147 /* Workaround: On old hardware the HW-MAC-address-filter
3148 * doesn't work properly, so always run promisc in filter
3149 * it in software. */
3150 if (dev->dev->core_rev <= 4)
3151 ctl |= B43_MACCTL_PROMISC;
3152
3153 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3154
3155 cfp_pretbtt = 2;
3156 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3157 if (dev->dev->chip_id == 0x4306 &&
3158 dev->dev->chip_rev == 3)
3159 cfp_pretbtt = 100;
3160 else
3161 cfp_pretbtt = 50;
3162 }
3163 b43_write16(dev, 0x612, cfp_pretbtt);
3164
3165 /* FIXME: We don't currently implement the PMQ mechanism,
3166 * so always disable it. If we want to implement PMQ,
3167 * we need to enable it here (clear DISCPMQ) in AP mode.
3168 */
3169 if (0 /* ctl & B43_MACCTL_AP */)
3170 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3171 else
3172 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3173}
3174
3175static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3176{
3177 u16 offset;
3178
3179 if (is_ofdm) {
3180 offset = 0x480;
3181 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3182 } else {
3183 offset = 0x4C0;
3184 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3185 }
3186 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3187 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3188}
3189
3190static void b43_rate_memory_init(struct b43_wldev *dev)
3191{
3192 switch (dev->phy.type) {
3193 case B43_PHYTYPE_G:
3194 case B43_PHYTYPE_N:
3195 case B43_PHYTYPE_LP:
3196 case B43_PHYTYPE_HT:
3197 case B43_PHYTYPE_LCN:
3198 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3199 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3200 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3201 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3202 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3203 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3204 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3205 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3206 /* fallthrough */
3207 case B43_PHYTYPE_B:
3208 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3209 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3210 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3211 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3212 break;
3213 default:
3214 B43_WARN_ON(1);
3215 }
3216}
3217
3218/* Set the default values for the PHY TX Control Words. */
3219static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3220{
3221 u16 ctl = 0;
3222
3223 ctl |= B43_TXH_PHY_ENC_CCK;
3224 ctl |= B43_TXH_PHY_ANT01AUTO;
3225 ctl |= B43_TXH_PHY_TXPWR;
3226
3227 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3228 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3229 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3230}
3231
3232/* Set the TX-Antenna for management frames sent by firmware. */
3233static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3234{
3235 u16 ant;
3236 u16 tmp;
3237
3238 ant = b43_antenna_to_phyctl(antenna);
3239
3240 /* For ACK/CTS */
3241 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3242 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3243 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3244 /* For Probe Resposes */
3245 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3246 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3247 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3248}
3249
3250/* This is the opposite of b43_chip_init() */
3251static void b43_chip_exit(struct b43_wldev *dev)
3252{
3253 b43_phy_exit(dev);
3254 b43_gpio_cleanup(dev);
3255 /* firmware is released later */
3256}
3257
3258/* Initialize the chip
3259 * http://bcm-specs.sipsolutions.net/ChipInit
3260 */
3261static int b43_chip_init(struct b43_wldev *dev)
3262{
3263 struct b43_phy *phy = &dev->phy;
3264 int err;
3265 u32 macctl;
3266 u16 value16;
3267
3268 /* Initialize the MAC control */
3269 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3270 if (dev->phy.gmode)
3271 macctl |= B43_MACCTL_GMODE;
3272 macctl |= B43_MACCTL_INFRA;
3273 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3274
3275 err = b43_upload_microcode(dev);
3276 if (err)
3277 goto out; /* firmware is released later */
3278
3279 err = b43_gpio_init(dev);
3280 if (err)
3281 goto out; /* firmware is released later */
3282
3283 err = b43_upload_initvals(dev);
3284 if (err)
3285 goto err_gpio_clean;
3286
3287 err = b43_upload_initvals_band(dev);
3288 if (err)
3289 goto err_gpio_clean;
3290
3291 /* Turn the Analog on and initialize the PHY. */
3292 phy->ops->switch_analog(dev, 1);
3293 err = b43_phy_init(dev);
3294 if (err)
3295 goto err_gpio_clean;
3296
3297 /* Disable Interference Mitigation. */
3298 if (phy->ops->interf_mitigation)
3299 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3300
3301 /* Select the antennae */
3302 if (phy->ops->set_rx_antenna)
3303 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3304 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3305
3306 if (phy->type == B43_PHYTYPE_B) {
3307 value16 = b43_read16(dev, 0x005E);
3308 value16 |= 0x0004;
3309 b43_write16(dev, 0x005E, value16);
3310 }
3311 b43_write32(dev, 0x0100, 0x01000000);
3312 if (dev->dev->core_rev < 5)
3313 b43_write32(dev, 0x010C, 0x01000000);
3314
3315 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3316 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3317
3318 /* Probe Response Timeout value */
3319 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3320 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3321
3322 /* Initially set the wireless operation mode. */
3323 b43_adjust_opmode(dev);
3324
3325 if (dev->dev->core_rev < 3) {
3326 b43_write16(dev, 0x060E, 0x0000);
3327 b43_write16(dev, 0x0610, 0x8000);
3328 b43_write16(dev, 0x0604, 0x0000);
3329 b43_write16(dev, 0x0606, 0x0200);
3330 } else {
3331 b43_write32(dev, 0x0188, 0x80000000);
3332 b43_write32(dev, 0x018C, 0x02000000);
3333 }
3334 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3335 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3336 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3337 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3338 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3339 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3340 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3341
3342 b43_mac_phy_clock_set(dev, true);
3343
3344 switch (dev->dev->bus_type) {
3345#ifdef CONFIG_B43_BCMA
3346 case B43_BUS_BCMA:
3347 /* FIXME: 0xE74 is quite common, but should be read from CC */
3348 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3349 break;
3350#endif
3351#ifdef CONFIG_B43_SSB
3352 case B43_BUS_SSB:
3353 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3354 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3355 break;
3356#endif
3357 }
3358
3359 err = 0;
3360 b43dbg(dev->wl, "Chip initialized\n");
3361out:
3362 return err;
3363
3364err_gpio_clean:
3365 b43_gpio_cleanup(dev);
3366 return err;
3367}
3368
3369static void b43_periodic_every60sec(struct b43_wldev *dev)
3370{
3371 const struct b43_phy_operations *ops = dev->phy.ops;
3372
3373 if (ops->pwork_60sec)
3374 ops->pwork_60sec(dev);
3375
3376 /* Force check the TX power emission now. */
3377 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3378}
3379
3380static void b43_periodic_every30sec(struct b43_wldev *dev)
3381{
3382 /* Update device statistics. */
3383 b43_calculate_link_quality(dev);
3384}
3385
3386static void b43_periodic_every15sec(struct b43_wldev *dev)
3387{
3388 struct b43_phy *phy = &dev->phy;
3389 u16 wdr;
3390
3391 if (dev->fw.opensource) {
3392 /* Check if the firmware is still alive.
3393 * It will reset the watchdog counter to 0 in its idle loop. */
3394 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3395 if (unlikely(wdr)) {
3396 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3397 b43_controller_restart(dev, "Firmware watchdog");
3398 return;
3399 } else {
3400 b43_shm_write16(dev, B43_SHM_SCRATCH,
3401 B43_WATCHDOG_REG, 1);
3402 }
3403 }
3404
3405 if (phy->ops->pwork_15sec)
3406 phy->ops->pwork_15sec(dev);
3407
3408 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3409 wmb();
3410
3411#if B43_DEBUG
3412 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3413 unsigned int i;
3414
3415 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3416 dev->irq_count / 15,
3417 dev->tx_count / 15,
3418 dev->rx_count / 15);
3419 dev->irq_count = 0;
3420 dev->tx_count = 0;
3421 dev->rx_count = 0;
3422 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3423 if (dev->irq_bit_count[i]) {
3424 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3425 dev->irq_bit_count[i] / 15, i, (1 << i));
3426 dev->irq_bit_count[i] = 0;
3427 }
3428 }
3429 }
3430#endif
3431}
3432
3433static void do_periodic_work(struct b43_wldev *dev)
3434{
3435 unsigned int state;
3436
3437 state = dev->periodic_state;
3438 if (state % 4 == 0)
3439 b43_periodic_every60sec(dev);
3440 if (state % 2 == 0)
3441 b43_periodic_every30sec(dev);
3442 b43_periodic_every15sec(dev);
3443}
3444
3445/* Periodic work locking policy:
3446 * The whole periodic work handler is protected by
3447 * wl->mutex. If another lock is needed somewhere in the
3448 * pwork callchain, it's acquired in-place, where it's needed.
3449 */
3450static void b43_periodic_work_handler(struct work_struct *work)
3451{
3452 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3453 periodic_work.work);
3454 struct b43_wl *wl = dev->wl;
3455 unsigned long delay;
3456
3457 mutex_lock(&wl->mutex);
3458
3459 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3460 goto out;
3461 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3462 goto out_requeue;
3463
3464 do_periodic_work(dev);
3465
3466 dev->periodic_state++;
3467out_requeue:
3468 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3469 delay = msecs_to_jiffies(50);
3470 else
3471 delay = round_jiffies_relative(HZ * 15);
3472 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3473out:
3474 mutex_unlock(&wl->mutex);
3475}
3476
3477static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3478{
3479 struct delayed_work *work = &dev->periodic_work;
3480
3481 dev->periodic_state = 0;
3482 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3483 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3484}
3485
3486/* Check if communication with the device works correctly. */
3487static int b43_validate_chipaccess(struct b43_wldev *dev)
3488{
3489 u32 v, backup0, backup4;
3490
3491 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3492 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3493
3494 /* Check for read/write and endianness problems. */
3495 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3496 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3497 goto error;
3498 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3499 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3500 goto error;
3501
3502 /* Check if unaligned 32bit SHM_SHARED access works properly.
3503 * However, don't bail out on failure, because it's noncritical. */
3504 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3505 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3506 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3507 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3508 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3509 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3510 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3511 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3512 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3513 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3514 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3515 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3516
3517 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3518 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3519
3520 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3521 /* The 32bit register shadows the two 16bit registers
3522 * with update sideeffects. Validate this. */
3523 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3524 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3525 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3526 goto error;
3527 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3528 goto error;
3529 }
3530 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3531
3532 v = b43_read32(dev, B43_MMIO_MACCTL);
3533 v |= B43_MACCTL_GMODE;
3534 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3535 goto error;
3536
3537 return 0;
3538error:
3539 b43err(dev->wl, "Failed to validate the chipaccess\n");
3540 return -ENODEV;
3541}
3542
3543static void b43_security_init(struct b43_wldev *dev)
3544{
3545 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3546 /* KTP is a word address, but we address SHM bytewise.
3547 * So multiply by two.
3548 */
3549 dev->ktp *= 2;
3550 /* Number of RCMTA address slots */
3551 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3552 /* Clear the key memory. */
3553 b43_clear_keys(dev);
3554}
3555
3556#ifdef CONFIG_B43_HWRNG
3557static int b43_rng_read(struct hwrng *rng, u32 *data)
3558{
3559 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3560 struct b43_wldev *dev;
3561 int count = -ENODEV;
3562
3563 mutex_lock(&wl->mutex);
3564 dev = wl->current_dev;
3565 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3566 *data = b43_read16(dev, B43_MMIO_RNG);
3567 count = sizeof(u16);
3568 }
3569 mutex_unlock(&wl->mutex);
3570
3571 return count;
3572}
3573#endif /* CONFIG_B43_HWRNG */
3574
3575static void b43_rng_exit(struct b43_wl *wl)
3576{
3577#ifdef CONFIG_B43_HWRNG
3578 if (wl->rng_initialized)
3579 hwrng_unregister(&wl->rng);
3580#endif /* CONFIG_B43_HWRNG */
3581}
3582
3583static int b43_rng_init(struct b43_wl *wl)
3584{
3585 int err = 0;
3586
3587#ifdef CONFIG_B43_HWRNG
3588 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3589 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3590 wl->rng.name = wl->rng_name;
3591 wl->rng.data_read = b43_rng_read;
3592 wl->rng.priv = (unsigned long)wl;
3593 wl->rng_initialized = true;
3594 err = hwrng_register(&wl->rng);
3595 if (err) {
3596 wl->rng_initialized = false;
3597 b43err(wl, "Failed to register the random "
3598 "number generator (%d)\n", err);
3599 }
3600#endif /* CONFIG_B43_HWRNG */
3601
3602 return err;
3603}
3604
3605static void b43_tx_work(struct work_struct *work)
3606{
3607 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3608 struct b43_wldev *dev;
3609 struct sk_buff *skb;
3610 int queue_num;
3611 int err = 0;
3612
3613 mutex_lock(&wl->mutex);
3614 dev = wl->current_dev;
3615 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3616 mutex_unlock(&wl->mutex);
3617 return;
3618 }
3619
3620 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3621 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3622 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3623 if (b43_using_pio_transfers(dev))
3624 err = b43_pio_tx(dev, skb);
3625 else
3626 err = b43_dma_tx(dev, skb);
3627 if (err == -ENOSPC) {
3628 wl->tx_queue_stopped[queue_num] = 1;
3629 ieee80211_stop_queue(wl->hw, queue_num);
3630 skb_queue_head(&wl->tx_queue[queue_num], skb);
3631 break;
3632 }
3633 if (unlikely(err))
3634 ieee80211_free_txskb(wl->hw, skb);
3635 err = 0;
3636 }
3637
3638 if (!err)
3639 wl->tx_queue_stopped[queue_num] = 0;
3640 }
3641
3642#if B43_DEBUG
3643 dev->tx_count++;
3644#endif
3645 mutex_unlock(&wl->mutex);
3646}
3647
3648static void b43_op_tx(struct ieee80211_hw *hw,
3649 struct ieee80211_tx_control *control,
3650 struct sk_buff *skb)
3651{
3652 struct b43_wl *wl = hw_to_b43_wl(hw);
3653
3654 if (unlikely(skb->len < 2 + 2 + 6)) {
3655 /* Too short, this can't be a valid frame. */
3656 ieee80211_free_txskb(hw, skb);
3657 return;
3658 }
3659 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3660
3661 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3662 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3663 ieee80211_queue_work(wl->hw, &wl->tx_work);
3664 } else {
3665 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3666 }
3667}
3668
3669static void b43_qos_params_upload(struct b43_wldev *dev,
3670 const struct ieee80211_tx_queue_params *p,
3671 u16 shm_offset)
3672{
3673 u16 params[B43_NR_QOSPARAMS];
3674 int bslots, tmp;
3675 unsigned int i;
3676
3677 if (!dev->qos_enabled)
3678 return;
3679
3680 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3681
3682 memset(¶ms, 0, sizeof(params));
3683
3684 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3685 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3686 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3687 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3688 params[B43_QOSPARAM_AIFS] = p->aifs;
3689 params[B43_QOSPARAM_BSLOTS] = bslots;
3690 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3691
3692 for (i = 0; i < ARRAY_SIZE(params); i++) {
3693 if (i == B43_QOSPARAM_STATUS) {
3694 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3695 shm_offset + (i * 2));
3696 /* Mark the parameters as updated. */
3697 tmp |= 0x100;
3698 b43_shm_write16(dev, B43_SHM_SHARED,
3699 shm_offset + (i * 2),
3700 tmp);
3701 } else {
3702 b43_shm_write16(dev, B43_SHM_SHARED,
3703 shm_offset + (i * 2),
3704 params[i]);
3705 }
3706 }
3707}
3708
3709/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3710static const u16 b43_qos_shm_offsets[] = {
3711 /* [mac80211-queue-nr] = SHM_OFFSET, */
3712 [0] = B43_QOS_VOICE,
3713 [1] = B43_QOS_VIDEO,
3714 [2] = B43_QOS_BESTEFFORT,
3715 [3] = B43_QOS_BACKGROUND,
3716};
3717
3718/* Update all QOS parameters in hardware. */
3719static void b43_qos_upload_all(struct b43_wldev *dev)
3720{
3721 struct b43_wl *wl = dev->wl;
3722 struct b43_qos_params *params;
3723 unsigned int i;
3724
3725 if (!dev->qos_enabled)
3726 return;
3727
3728 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3729 ARRAY_SIZE(wl->qos_params));
3730
3731 b43_mac_suspend(dev);
3732 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3733 params = &(wl->qos_params[i]);
3734 b43_qos_params_upload(dev, &(params->p),
3735 b43_qos_shm_offsets[i]);
3736 }
3737 b43_mac_enable(dev);
3738}
3739
3740static void b43_qos_clear(struct b43_wl *wl)
3741{
3742 struct b43_qos_params *params;
3743 unsigned int i;
3744
3745 /* Initialize QoS parameters to sane defaults. */
3746
3747 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3748 ARRAY_SIZE(wl->qos_params));
3749
3750 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3751 params = &(wl->qos_params[i]);
3752
3753 switch (b43_qos_shm_offsets[i]) {
3754 case B43_QOS_VOICE:
3755 params->p.txop = 0;
3756 params->p.aifs = 2;
3757 params->p.cw_min = 0x0001;
3758 params->p.cw_max = 0x0001;
3759 break;
3760 case B43_QOS_VIDEO:
3761 params->p.txop = 0;
3762 params->p.aifs = 2;
3763 params->p.cw_min = 0x0001;
3764 params->p.cw_max = 0x0001;
3765 break;
3766 case B43_QOS_BESTEFFORT:
3767 params->p.txop = 0;
3768 params->p.aifs = 3;
3769 params->p.cw_min = 0x0001;
3770 params->p.cw_max = 0x03FF;
3771 break;
3772 case B43_QOS_BACKGROUND:
3773 params->p.txop = 0;
3774 params->p.aifs = 7;
3775 params->p.cw_min = 0x0001;
3776 params->p.cw_max = 0x03FF;
3777 break;
3778 default:
3779 B43_WARN_ON(1);
3780 }
3781 }
3782}
3783
3784/* Initialize the core's QOS capabilities */
3785static void b43_qos_init(struct b43_wldev *dev)
3786{
3787 if (!dev->qos_enabled) {
3788 /* Disable QOS support. */
3789 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3790 b43_write16(dev, B43_MMIO_IFSCTL,
3791 b43_read16(dev, B43_MMIO_IFSCTL)
3792 & ~B43_MMIO_IFSCTL_USE_EDCF);
3793 b43dbg(dev->wl, "QoS disabled\n");
3794 return;
3795 }
3796
3797 /* Upload the current QOS parameters. */
3798 b43_qos_upload_all(dev);
3799
3800 /* Enable QOS support. */
3801 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3802 b43_write16(dev, B43_MMIO_IFSCTL,
3803 b43_read16(dev, B43_MMIO_IFSCTL)
3804 | B43_MMIO_IFSCTL_USE_EDCF);
3805 b43dbg(dev->wl, "QoS enabled\n");
3806}
3807
3808static int b43_op_conf_tx(struct ieee80211_hw *hw,
3809 struct ieee80211_vif *vif, u16 _queue,
3810 const struct ieee80211_tx_queue_params *params)
3811{
3812 struct b43_wl *wl = hw_to_b43_wl(hw);
3813 struct b43_wldev *dev;
3814 unsigned int queue = (unsigned int)_queue;
3815 int err = -ENODEV;
3816
3817 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3818 /* Queue not available or don't support setting
3819 * params on this queue. Return success to not
3820 * confuse mac80211. */
3821 return 0;
3822 }
3823 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3824 ARRAY_SIZE(wl->qos_params));
3825
3826 mutex_lock(&wl->mutex);
3827 dev = wl->current_dev;
3828 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3829 goto out_unlock;
3830
3831 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3832 b43_mac_suspend(dev);
3833 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3834 b43_qos_shm_offsets[queue]);
3835 b43_mac_enable(dev);
3836 err = 0;
3837
3838out_unlock:
3839 mutex_unlock(&wl->mutex);
3840
3841 return err;
3842}
3843
3844static int b43_op_get_stats(struct ieee80211_hw *hw,
3845 struct ieee80211_low_level_stats *stats)
3846{
3847 struct b43_wl *wl = hw_to_b43_wl(hw);
3848
3849 mutex_lock(&wl->mutex);
3850 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3851 mutex_unlock(&wl->mutex);
3852
3853 return 0;
3854}
3855
3856static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3857{
3858 struct b43_wl *wl = hw_to_b43_wl(hw);
3859 struct b43_wldev *dev;
3860 u64 tsf;
3861
3862 mutex_lock(&wl->mutex);
3863 dev = wl->current_dev;
3864
3865 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3866 b43_tsf_read(dev, &tsf);
3867 else
3868 tsf = 0;
3869
3870 mutex_unlock(&wl->mutex);
3871
3872 return tsf;
3873}
3874
3875static void b43_op_set_tsf(struct ieee80211_hw *hw,
3876 struct ieee80211_vif *vif, u64 tsf)
3877{
3878 struct b43_wl *wl = hw_to_b43_wl(hw);
3879 struct b43_wldev *dev;
3880
3881 mutex_lock(&wl->mutex);
3882 dev = wl->current_dev;
3883
3884 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3885 b43_tsf_write(dev, tsf);
3886
3887 mutex_unlock(&wl->mutex);
3888}
3889
3890static const char *band_to_string(enum nl80211_band band)
3891{
3892 switch (band) {
3893 case NL80211_BAND_5GHZ:
3894 return "5";
3895 case NL80211_BAND_2GHZ:
3896 return "2.4";
3897 default:
3898 break;
3899 }
3900 B43_WARN_ON(1);
3901 return "";
3902}
3903
3904/* Expects wl->mutex locked */
3905static int b43_switch_band(struct b43_wldev *dev,
3906 struct ieee80211_channel *chan)
3907{
3908 struct b43_phy *phy = &dev->phy;
3909 bool gmode;
3910 u32 tmp;
3911
3912 switch (chan->band) {
3913 case NL80211_BAND_5GHZ:
3914 gmode = false;
3915 break;
3916 case NL80211_BAND_2GHZ:
3917 gmode = true;
3918 break;
3919 default:
3920 B43_WARN_ON(1);
3921 return -EINVAL;
3922 }
3923
3924 if (!((gmode && phy->supports_2ghz) ||
3925 (!gmode && phy->supports_5ghz))) {
3926 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3927 band_to_string(chan->band));
3928 return -ENODEV;
3929 }
3930
3931 if (!!phy->gmode == !!gmode) {
3932 /* This device is already running. */
3933 return 0;
3934 }
3935
3936 b43dbg(dev->wl, "Switching to %s GHz band\n",
3937 band_to_string(chan->band));
3938
3939 /* Some new devices don't need disabling radio for band switching */
3940 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3941 b43_software_rfkill(dev, true);
3942
3943 phy->gmode = gmode;
3944 b43_phy_put_into_reset(dev);
3945 switch (dev->dev->bus_type) {
3946#ifdef CONFIG_B43_BCMA
3947 case B43_BUS_BCMA:
3948 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3949 if (gmode)
3950 tmp |= B43_BCMA_IOCTL_GMODE;
3951 else
3952 tmp &= ~B43_BCMA_IOCTL_GMODE;
3953 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3954 break;
3955#endif
3956#ifdef CONFIG_B43_SSB
3957 case B43_BUS_SSB:
3958 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3959 if (gmode)
3960 tmp |= B43_TMSLOW_GMODE;
3961 else
3962 tmp &= ~B43_TMSLOW_GMODE;
3963 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3964 break;
3965#endif
3966 }
3967 b43_phy_take_out_of_reset(dev);
3968
3969 b43_upload_initvals_band(dev);
3970
3971 b43_phy_init(dev);
3972
3973 return 0;
3974}
3975
3976static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3977{
3978 interval = min_t(u16, interval, (u16)0xFF);
3979 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3980}
3981
3982/* Write the short and long frame retry limit values. */
3983static void b43_set_retry_limits(struct b43_wldev *dev,
3984 unsigned int short_retry,
3985 unsigned int long_retry)
3986{
3987 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3988 * the chip-internal counter. */
3989 short_retry = min(short_retry, (unsigned int)0xF);
3990 long_retry = min(long_retry, (unsigned int)0xF);
3991
3992 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3993 short_retry);
3994 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3995 long_retry);
3996}
3997
3998static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3999{
4000 struct b43_wl *wl = hw_to_b43_wl(hw);
4001 struct b43_wldev *dev = wl->current_dev;
4002 struct b43_phy *phy = &dev->phy;
4003 struct ieee80211_conf *conf = &hw->conf;
4004 int antenna;
4005 int err = 0;
4006
4007 mutex_lock(&wl->mutex);
4008 b43_mac_suspend(dev);
4009
4010 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4011 b43_set_beacon_listen_interval(dev, conf->listen_interval);
4012
4013 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4014 phy->chandef = &conf->chandef;
4015 phy->channel = conf->chandef.chan->hw_value;
4016
4017 /* Switch the band (if necessary). */
4018 err = b43_switch_band(dev, conf->chandef.chan);
4019 if (err)
4020 goto out_mac_enable;
4021
4022 /* Switch to the requested channel.
4023 * The firmware takes care of races with the TX handler.
4024 */
4025 b43_switch_channel(dev, phy->channel);
4026 }
4027
4028 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4029 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4030 conf->long_frame_max_tx_count);
4031 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4032 if (!changed)
4033 goto out_mac_enable;
4034
4035 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4036
4037 /* Adjust the desired TX power level. */
4038 if (conf->power_level != 0) {
4039 if (conf->power_level != phy->desired_txpower) {
4040 phy->desired_txpower = conf->power_level;
4041 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4042 B43_TXPWR_IGNORE_TSSI);
4043 }
4044 }
4045
4046 /* Antennas for RX and management frame TX. */
4047 antenna = B43_ANTENNA_DEFAULT;
4048 b43_mgmtframe_txantenna(dev, antenna);
4049 antenna = B43_ANTENNA_DEFAULT;
4050 if (phy->ops->set_rx_antenna)
4051 phy->ops->set_rx_antenna(dev, antenna);
4052
4053 if (wl->radio_enabled != phy->radio_on) {
4054 if (wl->radio_enabled) {
4055 b43_software_rfkill(dev, false);
4056 b43info(dev->wl, "Radio turned on by software\n");
4057 if (!dev->radio_hw_enable) {
4058 b43info(dev->wl, "The hardware RF-kill button "
4059 "still turns the radio physically off. "
4060 "Press the button to turn it on.\n");
4061 }
4062 } else {
4063 b43_software_rfkill(dev, true);
4064 b43info(dev->wl, "Radio turned off by software\n");
4065 }
4066 }
4067
4068out_mac_enable:
4069 b43_mac_enable(dev);
4070 mutex_unlock(&wl->mutex);
4071
4072 return err;
4073}
4074
4075static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4076{
4077 struct ieee80211_supported_band *sband =
4078 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4079 struct ieee80211_rate *rate;
4080 int i;
4081 u16 basic, direct, offset, basic_offset, rateptr;
4082
4083 for (i = 0; i < sband->n_bitrates; i++) {
4084 rate = &sband->bitrates[i];
4085
4086 if (b43_is_cck_rate(rate->hw_value)) {
4087 direct = B43_SHM_SH_CCKDIRECT;
4088 basic = B43_SHM_SH_CCKBASIC;
4089 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4090 offset &= 0xF;
4091 } else {
4092 direct = B43_SHM_SH_OFDMDIRECT;
4093 basic = B43_SHM_SH_OFDMBASIC;
4094 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4095 offset &= 0xF;
4096 }
4097
4098 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4099
4100 if (b43_is_cck_rate(rate->hw_value)) {
4101 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4102 basic_offset &= 0xF;
4103 } else {
4104 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4105 basic_offset &= 0xF;
4106 }
4107
4108 /*
4109 * Get the pointer that we need to point to
4110 * from the direct map
4111 */
4112 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4113 direct + 2 * basic_offset);
4114 /* and write it to the basic map */
4115 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4116 rateptr);
4117 }
4118}
4119
4120static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4121 struct ieee80211_vif *vif,
4122 struct ieee80211_bss_conf *conf,
4123 u32 changed)
4124{
4125 struct b43_wl *wl = hw_to_b43_wl(hw);
4126 struct b43_wldev *dev;
4127
4128 mutex_lock(&wl->mutex);
4129
4130 dev = wl->current_dev;
4131 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4132 goto out_unlock_mutex;
4133
4134 B43_WARN_ON(wl->vif != vif);
4135
4136 if (changed & BSS_CHANGED_BSSID) {
4137 if (conf->bssid)
4138 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4139 else
4140 eth_zero_addr(wl->bssid);
4141 }
4142
4143 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4144 if (changed & BSS_CHANGED_BEACON &&
4145 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4146 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4147 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4148 b43_update_templates(wl);
4149
4150 if (changed & BSS_CHANGED_BSSID)
4151 b43_write_mac_bssid_templates(dev);
4152 }
4153
4154 b43_mac_suspend(dev);
4155
4156 /* Update templates for AP/mesh mode. */
4157 if (changed & BSS_CHANGED_BEACON_INT &&
4158 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4159 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4160 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4161 conf->beacon_int)
4162 b43_set_beacon_int(dev, conf->beacon_int);
4163
4164 if (changed & BSS_CHANGED_BASIC_RATES)
4165 b43_update_basic_rates(dev, conf->basic_rates);
4166
4167 if (changed & BSS_CHANGED_ERP_SLOT) {
4168 if (conf->use_short_slot)
4169 b43_short_slot_timing_enable(dev);
4170 else
4171 b43_short_slot_timing_disable(dev);
4172 }
4173
4174 b43_mac_enable(dev);
4175out_unlock_mutex:
4176 mutex_unlock(&wl->mutex);
4177}
4178
4179static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4180 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4181 struct ieee80211_key_conf *key)
4182{
4183 struct b43_wl *wl = hw_to_b43_wl(hw);
4184 struct b43_wldev *dev;
4185 u8 algorithm;
4186 u8 index;
4187 int err;
4188 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4189
4190 if (modparam_nohwcrypt)
4191 return -ENOSPC; /* User disabled HW-crypto */
4192
4193 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4194 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4195 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4196 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4197 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4198 /*
4199 * For now, disable hw crypto for the RSN IBSS group keys. This
4200 * could be optimized in the future, but until that gets
4201 * implemented, use of software crypto for group addressed
4202 * frames is a acceptable to allow RSN IBSS to be used.
4203 */
4204 return -EOPNOTSUPP;
4205 }
4206
4207 mutex_lock(&wl->mutex);
4208
4209 dev = wl->current_dev;
4210 err = -ENODEV;
4211 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4212 goto out_unlock;
4213
4214 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4215 /* We don't have firmware for the crypto engine.
4216 * Must use software-crypto. */
4217 err = -EOPNOTSUPP;
4218 goto out_unlock;
4219 }
4220
4221 err = -EINVAL;
4222 switch (key->cipher) {
4223 case WLAN_CIPHER_SUITE_WEP40:
4224 algorithm = B43_SEC_ALGO_WEP40;
4225 break;
4226 case WLAN_CIPHER_SUITE_WEP104:
4227 algorithm = B43_SEC_ALGO_WEP104;
4228 break;
4229 case WLAN_CIPHER_SUITE_TKIP:
4230 algorithm = B43_SEC_ALGO_TKIP;
4231 break;
4232 case WLAN_CIPHER_SUITE_CCMP:
4233 algorithm = B43_SEC_ALGO_AES;
4234 break;
4235 default:
4236 B43_WARN_ON(1);
4237 goto out_unlock;
4238 }
4239 index = (u8) (key->keyidx);
4240 if (index > 3)
4241 goto out_unlock;
4242
4243 switch (cmd) {
4244 case SET_KEY:
4245 if (algorithm == B43_SEC_ALGO_TKIP &&
4246 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4247 !modparam_hwtkip)) {
4248 /* We support only pairwise key */
4249 err = -EOPNOTSUPP;
4250 goto out_unlock;
4251 }
4252
4253 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4254 if (WARN_ON(!sta)) {
4255 err = -EOPNOTSUPP;
4256 goto out_unlock;
4257 }
4258 /* Pairwise key with an assigned MAC address. */
4259 err = b43_key_write(dev, -1, algorithm,
4260 key->key, key->keylen,
4261 sta->addr, key);
4262 } else {
4263 /* Group key */
4264 err = b43_key_write(dev, index, algorithm,
4265 key->key, key->keylen, NULL, key);
4266 }
4267 if (err)
4268 goto out_unlock;
4269
4270 if (algorithm == B43_SEC_ALGO_WEP40 ||
4271 algorithm == B43_SEC_ALGO_WEP104) {
4272 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4273 } else {
4274 b43_hf_write(dev,
4275 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4276 }
4277 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4278 if (algorithm == B43_SEC_ALGO_TKIP)
4279 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4280 break;
4281 case DISABLE_KEY: {
4282 err = b43_key_clear(dev, key->hw_key_idx);
4283 if (err)
4284 goto out_unlock;
4285 break;
4286 }
4287 default:
4288 B43_WARN_ON(1);
4289 }
4290
4291out_unlock:
4292 if (!err) {
4293 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4294 "mac: %pM\n",
4295 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4296 sta ? sta->addr : bcast_addr);
4297 b43_dump_keymemory(dev);
4298 }
4299 mutex_unlock(&wl->mutex);
4300
4301 return err;
4302}
4303
4304static void b43_op_configure_filter(struct ieee80211_hw *hw,
4305 unsigned int changed, unsigned int *fflags,
4306 u64 multicast)
4307{
4308 struct b43_wl *wl = hw_to_b43_wl(hw);
4309 struct b43_wldev *dev;
4310
4311 mutex_lock(&wl->mutex);
4312 dev = wl->current_dev;
4313 if (!dev) {
4314 *fflags = 0;
4315 goto out_unlock;
4316 }
4317
4318 *fflags &= FIF_ALLMULTI |
4319 FIF_FCSFAIL |
4320 FIF_PLCPFAIL |
4321 FIF_CONTROL |
4322 FIF_OTHER_BSS |
4323 FIF_BCN_PRBRESP_PROMISC;
4324
4325 changed &= FIF_ALLMULTI |
4326 FIF_FCSFAIL |
4327 FIF_PLCPFAIL |
4328 FIF_CONTROL |
4329 FIF_OTHER_BSS |
4330 FIF_BCN_PRBRESP_PROMISC;
4331
4332 wl->filter_flags = *fflags;
4333
4334 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4335 b43_adjust_opmode(dev);
4336
4337out_unlock:
4338 mutex_unlock(&wl->mutex);
4339}
4340
4341/* Locking: wl->mutex
4342 * Returns the current dev. This might be different from the passed in dev,
4343 * because the core might be gone away while we unlocked the mutex. */
4344static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4345{
4346 struct b43_wl *wl;
4347 struct b43_wldev *orig_dev;
4348 u32 mask;
4349 int queue_num;
4350
4351 if (!dev)
4352 return NULL;
4353 wl = dev->wl;
4354redo:
4355 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4356 return dev;
4357
4358 /* Cancel work. Unlock to avoid deadlocks. */
4359 mutex_unlock(&wl->mutex);
4360 cancel_delayed_work_sync(&dev->periodic_work);
4361 cancel_work_sync(&wl->tx_work);
4362 b43_leds_stop(dev);
4363 mutex_lock(&wl->mutex);
4364 dev = wl->current_dev;
4365 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4366 /* Whoops, aliens ate up the device while we were unlocked. */
4367 return dev;
4368 }
4369
4370 /* Disable interrupts on the device. */
4371 b43_set_status(dev, B43_STAT_INITIALIZED);
4372 if (b43_bus_host_is_sdio(dev->dev)) {
4373 /* wl->mutex is locked. That is enough. */
4374 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4375 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4376 } else {
4377 spin_lock_irq(&wl->hardirq_lock);
4378 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4379 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4380 spin_unlock_irq(&wl->hardirq_lock);
4381 }
4382 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4383 orig_dev = dev;
4384 mutex_unlock(&wl->mutex);
4385 if (b43_bus_host_is_sdio(dev->dev))
4386 b43_sdio_free_irq(dev);
4387 else
4388 free_irq(dev->dev->irq, dev);
4389 mutex_lock(&wl->mutex);
4390 dev = wl->current_dev;
4391 if (!dev)
4392 return dev;
4393 if (dev != orig_dev) {
4394 if (b43_status(dev) >= B43_STAT_STARTED)
4395 goto redo;
4396 return dev;
4397 }
4398 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4399 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4400
4401 /* Drain all TX queues. */
4402 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4403 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4404 struct sk_buff *skb;
4405
4406 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4407 ieee80211_free_txskb(wl->hw, skb);
4408 }
4409 }
4410
4411 b43_mac_suspend(dev);
4412 b43_leds_exit(dev);
4413 b43dbg(wl, "Wireless interface stopped\n");
4414
4415 return dev;
4416}
4417
4418/* Locking: wl->mutex */
4419static int b43_wireless_core_start(struct b43_wldev *dev)
4420{
4421 int err;
4422
4423 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4424
4425 drain_txstatus_queue(dev);
4426 if (b43_bus_host_is_sdio(dev->dev)) {
4427 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4428 if (err) {
4429 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4430 goto out;
4431 }
4432 } else {
4433 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4434 b43_interrupt_thread_handler,
4435 IRQF_SHARED, KBUILD_MODNAME, dev);
4436 if (err) {
4437 b43err(dev->wl, "Cannot request IRQ-%d\n",
4438 dev->dev->irq);
4439 goto out;
4440 }
4441 }
4442
4443 /* We are ready to run. */
4444 ieee80211_wake_queues(dev->wl->hw);
4445 b43_set_status(dev, B43_STAT_STARTED);
4446
4447 /* Start data flow (TX/RX). */
4448 b43_mac_enable(dev);
4449 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4450
4451 /* Start maintenance work */
4452 b43_periodic_tasks_setup(dev);
4453
4454 b43_leds_init(dev);
4455
4456 b43dbg(dev->wl, "Wireless interface started\n");
4457out:
4458 return err;
4459}
4460
4461static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4462{
4463 switch (phy_type) {
4464 case B43_PHYTYPE_A:
4465 return "A";
4466 case B43_PHYTYPE_B:
4467 return "B";
4468 case B43_PHYTYPE_G:
4469 return "G";
4470 case B43_PHYTYPE_N:
4471 return "N";
4472 case B43_PHYTYPE_LP:
4473 return "LP";
4474 case B43_PHYTYPE_SSLPN:
4475 return "SSLPN";
4476 case B43_PHYTYPE_HT:
4477 return "HT";
4478 case B43_PHYTYPE_LCN:
4479 return "LCN";
4480 case B43_PHYTYPE_LCNXN:
4481 return "LCNXN";
4482 case B43_PHYTYPE_LCN40:
4483 return "LCN40";
4484 case B43_PHYTYPE_AC:
4485 return "AC";
4486 }
4487 return "UNKNOWN";
4488}
4489
4490/* Get PHY and RADIO versioning numbers */
4491static int b43_phy_versioning(struct b43_wldev *dev)
4492{
4493 struct b43_phy *phy = &dev->phy;
4494 const u8 core_rev = dev->dev->core_rev;
4495 u32 tmp;
4496 u8 analog_type;
4497 u8 phy_type;
4498 u8 phy_rev;
4499 u16 radio_manuf;
4500 u16 radio_id;
4501 u16 radio_rev;
4502 u8 radio_ver;
4503 int unsupported = 0;
4504
4505 /* Get PHY versioning */
4506 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4507 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4508 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4509 phy_rev = (tmp & B43_PHYVER_VERSION);
4510
4511 /* LCNXN is continuation of N which run out of revisions */
4512 if (phy_type == B43_PHYTYPE_LCNXN) {
4513 phy_type = B43_PHYTYPE_N;
4514 phy_rev += 16;
4515 }
4516
4517 switch (phy_type) {
4518#ifdef CONFIG_B43_PHY_G
4519 case B43_PHYTYPE_G:
4520 if (phy_rev > 9)
4521 unsupported = 1;
4522 break;
4523#endif
4524#ifdef CONFIG_B43_PHY_N
4525 case B43_PHYTYPE_N:
4526 if (phy_rev >= 19)
4527 unsupported = 1;
4528 break;
4529#endif
4530#ifdef CONFIG_B43_PHY_LP
4531 case B43_PHYTYPE_LP:
4532 if (phy_rev > 2)
4533 unsupported = 1;
4534 break;
4535#endif
4536#ifdef CONFIG_B43_PHY_HT
4537 case B43_PHYTYPE_HT:
4538 if (phy_rev > 1)
4539 unsupported = 1;
4540 break;
4541#endif
4542#ifdef CONFIG_B43_PHY_LCN
4543 case B43_PHYTYPE_LCN:
4544 if (phy_rev > 1)
4545 unsupported = 1;
4546 break;
4547#endif
4548#ifdef CONFIG_B43_PHY_AC
4549 case B43_PHYTYPE_AC:
4550 if (phy_rev > 1)
4551 unsupported = 1;
4552 break;
4553#endif
4554 default:
4555 unsupported = 1;
4556 }
4557 if (unsupported) {
4558 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4559 analog_type, phy_type, b43_phy_name(dev, phy_type),
4560 phy_rev);
4561 return -EOPNOTSUPP;
4562 }
4563 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4564 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4565
4566 /* Get RADIO versioning */
4567 if (core_rev == 40 || core_rev == 42) {
4568 radio_manuf = 0x17F;
4569
4570 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4571 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4572
4573 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4574 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4575
4576 radio_ver = 0; /* Is there version somewhere? */
4577 } else if (core_rev >= 24) {
4578 u16 radio24[3];
4579
4580 for (tmp = 0; tmp < 3; tmp++) {
4581 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4582 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4583 }
4584
4585 radio_manuf = 0x17F;
4586 radio_id = (radio24[2] << 8) | radio24[1];
4587 radio_rev = (radio24[0] & 0xF);
4588 radio_ver = (radio24[0] & 0xF0) >> 4;
4589 } else {
4590 if (dev->dev->chip_id == 0x4317) {
4591 if (dev->dev->chip_rev == 0)
4592 tmp = 0x3205017F;
4593 else if (dev->dev->chip_rev == 1)
4594 tmp = 0x4205017F;
4595 else
4596 tmp = 0x5205017F;
4597 } else {
4598 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4599 B43_RADIOCTL_ID);
4600 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4601 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4602 B43_RADIOCTL_ID);
4603 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4604 }
4605 radio_manuf = (tmp & 0x00000FFF);
4606 radio_id = (tmp & 0x0FFFF000) >> 12;
4607 radio_rev = (tmp & 0xF0000000) >> 28;
4608 radio_ver = 0; /* Probably not available on old hw */
4609 }
4610
4611 if (radio_manuf != 0x17F /* Broadcom */)
4612 unsupported = 1;
4613 switch (phy_type) {
4614 case B43_PHYTYPE_B:
4615 if ((radio_id & 0xFFF0) != 0x2050)
4616 unsupported = 1;
4617 break;
4618 case B43_PHYTYPE_G:
4619 if (radio_id != 0x2050)
4620 unsupported = 1;
4621 break;
4622 case B43_PHYTYPE_N:
4623 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4624 radio_id != 0x2057)
4625 unsupported = 1;
4626 if (radio_id == 0x2057 &&
4627 !(radio_rev == 9 || radio_rev == 14))
4628 unsupported = 1;
4629 break;
4630 case B43_PHYTYPE_LP:
4631 if (radio_id != 0x2062 && radio_id != 0x2063)
4632 unsupported = 1;
4633 break;
4634 case B43_PHYTYPE_HT:
4635 if (radio_id != 0x2059)
4636 unsupported = 1;
4637 break;
4638 case B43_PHYTYPE_LCN:
4639 if (radio_id != 0x2064)
4640 unsupported = 1;
4641 break;
4642 case B43_PHYTYPE_AC:
4643 if (radio_id != 0x2069)
4644 unsupported = 1;
4645 break;
4646 default:
4647 B43_WARN_ON(1);
4648 }
4649 if (unsupported) {
4650 b43err(dev->wl,
4651 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4652 radio_manuf, radio_id, radio_rev, radio_ver);
4653 return -EOPNOTSUPP;
4654 }
4655 b43info(dev->wl,
4656 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4657 radio_manuf, radio_id, radio_rev, radio_ver);
4658
4659 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4660 phy->radio_manuf = radio_manuf;
4661 phy->radio_ver = radio_id;
4662 phy->radio_rev = radio_rev;
4663
4664 phy->analog = analog_type;
4665 phy->type = phy_type;
4666 phy->rev = phy_rev;
4667
4668 return 0;
4669}
4670
4671static void setup_struct_phy_for_init(struct b43_wldev *dev,
4672 struct b43_phy *phy)
4673{
4674 phy->hardware_power_control = !!modparam_hwpctl;
4675 phy->next_txpwr_check_time = jiffies;
4676 /* PHY TX errors counter. */
4677 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4678
4679#if B43_DEBUG
4680 phy->phy_locked = false;
4681 phy->radio_locked = false;
4682#endif
4683}
4684
4685static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4686{
4687 dev->dfq_valid = false;
4688
4689 /* Assume the radio is enabled. If it's not enabled, the state will
4690 * immediately get fixed on the first periodic work run. */
4691 dev->radio_hw_enable = true;
4692
4693 /* Stats */
4694 memset(&dev->stats, 0, sizeof(dev->stats));
4695
4696 setup_struct_phy_for_init(dev, &dev->phy);
4697
4698 /* IRQ related flags */
4699 dev->irq_reason = 0;
4700 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4701 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4702 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4703 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4704
4705 dev->mac_suspended = 1;
4706
4707 /* Noise calculation context */
4708 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4709}
4710
4711static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4712{
4713 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4714 u64 hf;
4715
4716 if (!modparam_btcoex)
4717 return;
4718 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4719 return;
4720 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4721 return;
4722
4723 hf = b43_hf_read(dev);
4724 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4725 hf |= B43_HF_BTCOEXALT;
4726 else
4727 hf |= B43_HF_BTCOEX;
4728 b43_hf_write(dev, hf);
4729}
4730
4731static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4732{
4733 if (!modparam_btcoex)
4734 return;
4735 //TODO
4736}
4737
4738static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4739{
4740 struct ssb_bus *bus;
4741 u32 tmp;
4742
4743#ifdef CONFIG_B43_SSB
4744 if (dev->dev->bus_type != B43_BUS_SSB)
4745 return;
4746#else
4747 return;
4748#endif
4749
4750 bus = dev->dev->sdev->bus;
4751
4752 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4753 (bus->chip_id == 0x4312)) {
4754 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4755 tmp &= ~SSB_IMCFGLO_REQTO;
4756 tmp &= ~SSB_IMCFGLO_SERTO;
4757 tmp |= 0x3;
4758 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4759 ssb_commit_settings(bus);
4760 }
4761}
4762
4763static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4764{
4765 u16 pu_delay;
4766
4767 /* The time value is in microseconds. */
4768 pu_delay = 1050;
4769 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4770 pu_delay = 500;
4771 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4772 pu_delay = max(pu_delay, (u16)2400);
4773
4774 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4775}
4776
4777/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4778static void b43_set_pretbtt(struct b43_wldev *dev)
4779{
4780 u16 pretbtt;
4781
4782 /* The time value is in microseconds. */
4783 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4784 pretbtt = 2;
4785 else
4786 pretbtt = 250;
4787 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4788 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4789}
4790
4791/* Shutdown a wireless core */
4792/* Locking: wl->mutex */
4793static void b43_wireless_core_exit(struct b43_wldev *dev)
4794{
4795 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4796 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4797 return;
4798
4799 b43_set_status(dev, B43_STAT_UNINIT);
4800
4801 /* Stop the microcode PSM. */
4802 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4803 B43_MACCTL_PSM_JMP0);
4804
4805 switch (dev->dev->bus_type) {
4806#ifdef CONFIG_B43_BCMA
4807 case B43_BUS_BCMA:
4808 bcma_host_pci_down(dev->dev->bdev->bus);
4809 break;
4810#endif
4811#ifdef CONFIG_B43_SSB
4812 case B43_BUS_SSB:
4813 /* TODO */
4814 break;
4815#endif
4816 }
4817
4818 b43_dma_free(dev);
4819 b43_pio_free(dev);
4820 b43_chip_exit(dev);
4821 dev->phy.ops->switch_analog(dev, 0);
4822 if (dev->wl->current_beacon) {
4823 dev_kfree_skb_any(dev->wl->current_beacon);
4824 dev->wl->current_beacon = NULL;
4825 }
4826
4827 b43_device_disable(dev, 0);
4828 b43_bus_may_powerdown(dev);
4829}
4830
4831/* Initialize a wireless core */
4832static int b43_wireless_core_init(struct b43_wldev *dev)
4833{
4834 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4835 struct b43_phy *phy = &dev->phy;
4836 int err;
4837 u64 hf;
4838
4839 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4840
4841 err = b43_bus_powerup(dev, 0);
4842 if (err)
4843 goto out;
4844 if (!b43_device_is_enabled(dev))
4845 b43_wireless_core_reset(dev, phy->gmode);
4846
4847 /* Reset all data structures. */
4848 setup_struct_wldev_for_init(dev);
4849 phy->ops->prepare_structs(dev);
4850
4851 /* Enable IRQ routing to this device. */
4852 switch (dev->dev->bus_type) {
4853#ifdef CONFIG_B43_BCMA
4854 case B43_BUS_BCMA:
4855 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4856 dev->dev->bdev, true);
4857 bcma_host_pci_up(dev->dev->bdev->bus);
4858 break;
4859#endif
4860#ifdef CONFIG_B43_SSB
4861 case B43_BUS_SSB:
4862 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4863 dev->dev->sdev);
4864 break;
4865#endif
4866 }
4867
4868 b43_imcfglo_timeouts_workaround(dev);
4869 b43_bluetooth_coext_disable(dev);
4870 if (phy->ops->prepare_hardware) {
4871 err = phy->ops->prepare_hardware(dev);
4872 if (err)
4873 goto err_busdown;
4874 }
4875 err = b43_chip_init(dev);
4876 if (err)
4877 goto err_busdown;
4878 b43_shm_write16(dev, B43_SHM_SHARED,
4879 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4880 hf = b43_hf_read(dev);
4881 if (phy->type == B43_PHYTYPE_G) {
4882 hf |= B43_HF_SYMW;
4883 if (phy->rev == 1)
4884 hf |= B43_HF_GDCW;
4885 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4886 hf |= B43_HF_OFDMPABOOST;
4887 }
4888 if (phy->radio_ver == 0x2050) {
4889 if (phy->radio_rev == 6)
4890 hf |= B43_HF_4318TSSI;
4891 if (phy->radio_rev < 6)
4892 hf |= B43_HF_VCORECALC;
4893 }
4894 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4895 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4896#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4897 if (dev->dev->bus_type == B43_BUS_SSB &&
4898 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4899 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4900 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4901#endif
4902 hf &= ~B43_HF_SKCFPUP;
4903 b43_hf_write(dev, hf);
4904
4905 /* tell the ucode MAC capabilities */
4906 if (dev->dev->core_rev >= 13) {
4907 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4908
4909 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4910 mac_hw_cap & 0xffff);
4911 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4912 (mac_hw_cap >> 16) & 0xffff);
4913 }
4914
4915 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4916 B43_DEFAULT_LONG_RETRY_LIMIT);
4917 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4918 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4919
4920 /* Disable sending probe responses from firmware.
4921 * Setting the MaxTime to one usec will always trigger
4922 * a timeout, so we never send any probe resp.
4923 * A timeout of zero is infinite. */
4924 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4925
4926 b43_rate_memory_init(dev);
4927 b43_set_phytxctl_defaults(dev);
4928
4929 /* Minimum Contention Window */
4930 if (phy->type == B43_PHYTYPE_B)
4931 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4932 else
4933 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4934 /* Maximum Contention Window */
4935 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4936
4937 /* write phytype and phyvers */
4938 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4939 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4940
4941 if (b43_bus_host_is_pcmcia(dev->dev) ||
4942 b43_bus_host_is_sdio(dev->dev)) {
4943 dev->__using_pio_transfers = true;
4944 err = b43_pio_init(dev);
4945 } else if (dev->use_pio) {
4946 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4947 "This should not be needed and will result in lower "
4948 "performance.\n");
4949 dev->__using_pio_transfers = true;
4950 err = b43_pio_init(dev);
4951 } else {
4952 dev->__using_pio_transfers = false;
4953 err = b43_dma_init(dev);
4954 }
4955 if (err)
4956 goto err_chip_exit;
4957 b43_qos_init(dev);
4958 b43_set_synth_pu_delay(dev, 1);
4959 b43_bluetooth_coext_enable(dev);
4960
4961 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4962 b43_upload_card_macaddress(dev);
4963 b43_security_init(dev);
4964
4965 ieee80211_wake_queues(dev->wl->hw);
4966
4967 b43_set_status(dev, B43_STAT_INITIALIZED);
4968
4969out:
4970 return err;
4971
4972err_chip_exit:
4973 b43_chip_exit(dev);
4974err_busdown:
4975 b43_bus_may_powerdown(dev);
4976 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4977 return err;
4978}
4979
4980static int b43_op_add_interface(struct ieee80211_hw *hw,
4981 struct ieee80211_vif *vif)
4982{
4983 struct b43_wl *wl = hw_to_b43_wl(hw);
4984 struct b43_wldev *dev;
4985 int err = -EOPNOTSUPP;
4986
4987 /* TODO: allow WDS/AP devices to coexist */
4988
4989 if (vif->type != NL80211_IFTYPE_AP &&
4990 vif->type != NL80211_IFTYPE_MESH_POINT &&
4991 vif->type != NL80211_IFTYPE_STATION &&
4992 vif->type != NL80211_IFTYPE_WDS &&
4993 vif->type != NL80211_IFTYPE_ADHOC)
4994 return -EOPNOTSUPP;
4995
4996 mutex_lock(&wl->mutex);
4997 if (wl->operating)
4998 goto out_mutex_unlock;
4999
5000 b43dbg(wl, "Adding Interface type %d\n", vif->type);
5001
5002 dev = wl->current_dev;
5003 wl->operating = true;
5004 wl->vif = vif;
5005 wl->if_type = vif->type;
5006 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5007
5008 b43_adjust_opmode(dev);
5009 b43_set_pretbtt(dev);
5010 b43_set_synth_pu_delay(dev, 0);
5011 b43_upload_card_macaddress(dev);
5012
5013 err = 0;
5014 out_mutex_unlock:
5015 mutex_unlock(&wl->mutex);
5016
5017 if (err == 0)
5018 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5019
5020 return err;
5021}
5022
5023static void b43_op_remove_interface(struct ieee80211_hw *hw,
5024 struct ieee80211_vif *vif)
5025{
5026 struct b43_wl *wl = hw_to_b43_wl(hw);
5027 struct b43_wldev *dev = wl->current_dev;
5028
5029 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5030
5031 mutex_lock(&wl->mutex);
5032
5033 B43_WARN_ON(!wl->operating);
5034 B43_WARN_ON(wl->vif != vif);
5035 wl->vif = NULL;
5036
5037 wl->operating = false;
5038
5039 b43_adjust_opmode(dev);
5040 eth_zero_addr(wl->mac_addr);
5041 b43_upload_card_macaddress(dev);
5042
5043 mutex_unlock(&wl->mutex);
5044}
5045
5046static int b43_op_start(struct ieee80211_hw *hw)
5047{
5048 struct b43_wl *wl = hw_to_b43_wl(hw);
5049 struct b43_wldev *dev = wl->current_dev;
5050 int did_init = 0;
5051 int err = 0;
5052
5053 /* Kill all old instance specific information to make sure
5054 * the card won't use it in the short timeframe between start
5055 * and mac80211 reconfiguring it. */
5056 eth_zero_addr(wl->bssid);
5057 eth_zero_addr(wl->mac_addr);
5058 wl->filter_flags = 0;
5059 wl->radiotap_enabled = false;
5060 b43_qos_clear(wl);
5061 wl->beacon0_uploaded = false;
5062 wl->beacon1_uploaded = false;
5063 wl->beacon_templates_virgin = true;
5064 wl->radio_enabled = true;
5065
5066 mutex_lock(&wl->mutex);
5067
5068 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5069 err = b43_wireless_core_init(dev);
5070 if (err)
5071 goto out_mutex_unlock;
5072 did_init = 1;
5073 }
5074
5075 if (b43_status(dev) < B43_STAT_STARTED) {
5076 err = b43_wireless_core_start(dev);
5077 if (err) {
5078 if (did_init)
5079 b43_wireless_core_exit(dev);
5080 goto out_mutex_unlock;
5081 }
5082 }
5083
5084 /* XXX: only do if device doesn't support rfkill irq */
5085 wiphy_rfkill_start_polling(hw->wiphy);
5086
5087 out_mutex_unlock:
5088 mutex_unlock(&wl->mutex);
5089
5090 /*
5091 * Configuration may have been overwritten during initialization.
5092 * Reload the configuration, but only if initialization was
5093 * successful. Reloading the configuration after a failed init
5094 * may hang the system.
5095 */
5096 if (!err)
5097 b43_op_config(hw, ~0);
5098
5099 return err;
5100}
5101
5102static void b43_op_stop(struct ieee80211_hw *hw)
5103{
5104 struct b43_wl *wl = hw_to_b43_wl(hw);
5105 struct b43_wldev *dev = wl->current_dev;
5106
5107 cancel_work_sync(&(wl->beacon_update_trigger));
5108
5109 if (!dev)
5110 goto out;
5111
5112 mutex_lock(&wl->mutex);
5113 if (b43_status(dev) >= B43_STAT_STARTED) {
5114 dev = b43_wireless_core_stop(dev);
5115 if (!dev)
5116 goto out_unlock;
5117 }
5118 b43_wireless_core_exit(dev);
5119 wl->radio_enabled = false;
5120
5121out_unlock:
5122 mutex_unlock(&wl->mutex);
5123out:
5124 cancel_work_sync(&(wl->txpower_adjust_work));
5125}
5126
5127static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5128 struct ieee80211_sta *sta, bool set)
5129{
5130 struct b43_wl *wl = hw_to_b43_wl(hw);
5131
5132 b43_update_templates(wl);
5133
5134 return 0;
5135}
5136
5137static void b43_op_sta_notify(struct ieee80211_hw *hw,
5138 struct ieee80211_vif *vif,
5139 enum sta_notify_cmd notify_cmd,
5140 struct ieee80211_sta *sta)
5141{
5142 struct b43_wl *wl = hw_to_b43_wl(hw);
5143
5144 B43_WARN_ON(!vif || wl->vif != vif);
5145}
5146
5147static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5148 struct ieee80211_vif *vif,
5149 const u8 *mac_addr)
5150{
5151 struct b43_wl *wl = hw_to_b43_wl(hw);
5152 struct b43_wldev *dev;
5153
5154 mutex_lock(&wl->mutex);
5155 dev = wl->current_dev;
5156 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5157 /* Disable CFP update during scan on other channels. */
5158 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5159 }
5160 mutex_unlock(&wl->mutex);
5161}
5162
5163static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5164 struct ieee80211_vif *vif)
5165{
5166 struct b43_wl *wl = hw_to_b43_wl(hw);
5167 struct b43_wldev *dev;
5168
5169 mutex_lock(&wl->mutex);
5170 dev = wl->current_dev;
5171 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5172 /* Re-enable CFP update. */
5173 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5174 }
5175 mutex_unlock(&wl->mutex);
5176}
5177
5178static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5179 struct survey_info *survey)
5180{
5181 struct b43_wl *wl = hw_to_b43_wl(hw);
5182 struct b43_wldev *dev = wl->current_dev;
5183 struct ieee80211_conf *conf = &hw->conf;
5184
5185 if (idx != 0)
5186 return -ENOENT;
5187
5188 survey->channel = conf->chandef.chan;
5189 survey->filled = SURVEY_INFO_NOISE_DBM;
5190 survey->noise = dev->stats.link_noise;
5191
5192 return 0;
5193}
5194
5195static const struct ieee80211_ops b43_hw_ops = {
5196 .tx = b43_op_tx,
5197 .conf_tx = b43_op_conf_tx,
5198 .add_interface = b43_op_add_interface,
5199 .remove_interface = b43_op_remove_interface,
5200 .config = b43_op_config,
5201 .bss_info_changed = b43_op_bss_info_changed,
5202 .configure_filter = b43_op_configure_filter,
5203 .set_key = b43_op_set_key,
5204 .update_tkip_key = b43_op_update_tkip_key,
5205 .get_stats = b43_op_get_stats,
5206 .get_tsf = b43_op_get_tsf,
5207 .set_tsf = b43_op_set_tsf,
5208 .start = b43_op_start,
5209 .stop = b43_op_stop,
5210 .set_tim = b43_op_beacon_set_tim,
5211 .sta_notify = b43_op_sta_notify,
5212 .sw_scan_start = b43_op_sw_scan_start_notifier,
5213 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5214 .get_survey = b43_op_get_survey,
5215 .rfkill_poll = b43_rfkill_poll,
5216};
5217
5218/* Hard-reset the chip. Do not call this directly.
5219 * Use b43_controller_restart()
5220 */
5221static void b43_chip_reset(struct work_struct *work)
5222{
5223 struct b43_wldev *dev =
5224 container_of(work, struct b43_wldev, restart_work);
5225 struct b43_wl *wl = dev->wl;
5226 int err = 0;
5227 int prev_status;
5228
5229 mutex_lock(&wl->mutex);
5230
5231 prev_status = b43_status(dev);
5232 /* Bring the device down... */
5233 if (prev_status >= B43_STAT_STARTED) {
5234 dev = b43_wireless_core_stop(dev);
5235 if (!dev) {
5236 err = -ENODEV;
5237 goto out;
5238 }
5239 }
5240 if (prev_status >= B43_STAT_INITIALIZED)
5241 b43_wireless_core_exit(dev);
5242
5243 /* ...and up again. */
5244 if (prev_status >= B43_STAT_INITIALIZED) {
5245 err = b43_wireless_core_init(dev);
5246 if (err)
5247 goto out;
5248 }
5249 if (prev_status >= B43_STAT_STARTED) {
5250 err = b43_wireless_core_start(dev);
5251 if (err) {
5252 b43_wireless_core_exit(dev);
5253 goto out;
5254 }
5255 }
5256out:
5257 if (err)
5258 wl->current_dev = NULL; /* Failed to init the dev. */
5259 mutex_unlock(&wl->mutex);
5260
5261 if (err) {
5262 b43err(wl, "Controller restart FAILED\n");
5263 return;
5264 }
5265
5266 /* reload configuration */
5267 b43_op_config(wl->hw, ~0);
5268 if (wl->vif)
5269 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5270
5271 b43info(wl, "Controller restarted\n");
5272}
5273
5274static int b43_setup_bands(struct b43_wldev *dev,
5275 bool have_2ghz_phy, bool have_5ghz_phy)
5276{
5277 struct ieee80211_hw *hw = dev->wl->hw;
5278 struct b43_phy *phy = &dev->phy;
5279 bool limited_2g;
5280 bool limited_5g;
5281
5282 /* We don't support all 2 GHz channels on some devices */
5283 limited_2g = phy->radio_ver == 0x2057 &&
5284 (phy->radio_rev == 9 || phy->radio_rev == 14);
5285 limited_5g = phy->radio_ver == 0x2057 &&
5286 phy->radio_rev == 9;
5287
5288 if (have_2ghz_phy)
5289 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5290 &b43_band_2ghz_limited : &b43_band_2GHz;
5291 if (dev->phy.type == B43_PHYTYPE_N) {
5292 if (have_5ghz_phy)
5293 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5294 &b43_band_5GHz_nphy_limited :
5295 &b43_band_5GHz_nphy;
5296 } else {
5297 if (have_5ghz_phy)
5298 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5299 }
5300
5301 dev->phy.supports_2ghz = have_2ghz_phy;
5302 dev->phy.supports_5ghz = have_5ghz_phy;
5303
5304 return 0;
5305}
5306
5307static void b43_wireless_core_detach(struct b43_wldev *dev)
5308{
5309 /* We release firmware that late to not be required to re-request
5310 * is all the time when we reinit the core. */
5311 b43_release_firmware(dev);
5312 b43_phy_free(dev);
5313}
5314
5315static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5316 bool *have_5ghz_phy)
5317{
5318 u16 dev_id = 0;
5319
5320#ifdef CONFIG_B43_BCMA
5321 if (dev->dev->bus_type == B43_BUS_BCMA &&
5322 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5323 dev_id = dev->dev->bdev->bus->host_pci->device;
5324#endif
5325#ifdef CONFIG_B43_SSB
5326 if (dev->dev->bus_type == B43_BUS_SSB &&
5327 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5328 dev_id = dev->dev->sdev->bus->host_pci->device;
5329#endif
5330 /* Override with SPROM value if available */
5331 if (dev->dev->bus_sprom->dev_id)
5332 dev_id = dev->dev->bus_sprom->dev_id;
5333
5334 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5335 switch (dev_id) {
5336 case 0x4324: /* BCM4306 */
5337 case 0x4312: /* BCM4311 */
5338 case 0x4319: /* BCM4318 */
5339 case 0x4328: /* BCM4321 */
5340 case 0x432b: /* BCM4322 */
5341 case 0x4350: /* BCM43222 */
5342 case 0x4353: /* BCM43224 */
5343 case 0x0576: /* BCM43224 */
5344 case 0x435f: /* BCM6362 */
5345 case 0x4331: /* BCM4331 */
5346 case 0x4359: /* BCM43228 */
5347 case 0x43a0: /* BCM4360 */
5348 case 0x43b1: /* BCM4352 */
5349 /* Dual band devices */
5350 *have_2ghz_phy = true;
5351 *have_5ghz_phy = true;
5352 return;
5353 case 0x4321: /* BCM4306 */
5354 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5355 if (dev->phy.type != B43_PHYTYPE_G)
5356 break;
5357 /* fall through */
5358 case 0x4313: /* BCM4311 */
5359 case 0x431a: /* BCM4318 */
5360 case 0x432a: /* BCM4321 */
5361 case 0x432d: /* BCM4322 */
5362 case 0x4352: /* BCM43222 */
5363 case 0x435a: /* BCM43228 */
5364 case 0x4333: /* BCM4331 */
5365 case 0x43a2: /* BCM4360 */
5366 case 0x43b3: /* BCM4352 */
5367 /* 5 GHz only devices */
5368 *have_2ghz_phy = false;
5369 *have_5ghz_phy = true;
5370 return;
5371 }
5372
5373 /* As a fallback, try to guess using PHY type */
5374 switch (dev->phy.type) {
5375 case B43_PHYTYPE_G:
5376 case B43_PHYTYPE_N:
5377 case B43_PHYTYPE_LP:
5378 case B43_PHYTYPE_HT:
5379 case B43_PHYTYPE_LCN:
5380 *have_2ghz_phy = true;
5381 *have_5ghz_phy = false;
5382 return;
5383 }
5384
5385 B43_WARN_ON(1);
5386}
5387
5388static int b43_wireless_core_attach(struct b43_wldev *dev)
5389{
5390 struct b43_wl *wl = dev->wl;
5391 struct b43_phy *phy = &dev->phy;
5392 int err;
5393 u32 tmp;
5394 bool have_2ghz_phy = false, have_5ghz_phy = false;
5395
5396 /* Do NOT do any device initialization here.
5397 * Do it in wireless_core_init() instead.
5398 * This function is for gathering basic information about the HW, only.
5399 * Also some structs may be set up here. But most likely you want to have
5400 * that in core_init(), too.
5401 */
5402
5403 err = b43_bus_powerup(dev, 0);
5404 if (err) {
5405 b43err(wl, "Bus powerup failed\n");
5406 goto out;
5407 }
5408
5409 phy->do_full_init = true;
5410
5411 /* Try to guess supported bands for the first init needs */
5412 switch (dev->dev->bus_type) {
5413#ifdef CONFIG_B43_BCMA
5414 case B43_BUS_BCMA:
5415 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5416 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5417 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5418 break;
5419#endif
5420#ifdef CONFIG_B43_SSB
5421 case B43_BUS_SSB:
5422 if (dev->dev->core_rev >= 5) {
5423 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5424 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5425 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5426 } else
5427 B43_WARN_ON(1);
5428 break;
5429#endif
5430 }
5431
5432 dev->phy.gmode = have_2ghz_phy;
5433 b43_wireless_core_reset(dev, dev->phy.gmode);
5434
5435 /* Get the PHY type. */
5436 err = b43_phy_versioning(dev);
5437 if (err)
5438 goto err_powerdown;
5439
5440 /* Get real info about supported bands */
5441 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5442
5443 /* We don't support 5 GHz on some PHYs yet */
5444 if (have_5ghz_phy) {
5445 switch (dev->phy.type) {
5446 case B43_PHYTYPE_G:
5447 case B43_PHYTYPE_LP:
5448 case B43_PHYTYPE_HT:
5449 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5450 have_5ghz_phy = false;
5451 }
5452 }
5453
5454 if (!have_2ghz_phy && !have_5ghz_phy) {
5455 b43err(wl, "b43 can't support any band on this device\n");
5456 err = -EOPNOTSUPP;
5457 goto err_powerdown;
5458 }
5459
5460 err = b43_phy_allocate(dev);
5461 if (err)
5462 goto err_powerdown;
5463
5464 dev->phy.gmode = have_2ghz_phy;
5465 b43_wireless_core_reset(dev, dev->phy.gmode);
5466
5467 err = b43_validate_chipaccess(dev);
5468 if (err)
5469 goto err_phy_free;
5470 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5471 if (err)
5472 goto err_phy_free;
5473
5474 /* Now set some default "current_dev" */
5475 if (!wl->current_dev)
5476 wl->current_dev = dev;
5477 INIT_WORK(&dev->restart_work, b43_chip_reset);
5478
5479 dev->phy.ops->switch_analog(dev, 0);
5480 b43_device_disable(dev, 0);
5481 b43_bus_may_powerdown(dev);
5482
5483out:
5484 return err;
5485
5486err_phy_free:
5487 b43_phy_free(dev);
5488err_powerdown:
5489 b43_bus_may_powerdown(dev);
5490 return err;
5491}
5492
5493static void b43_one_core_detach(struct b43_bus_dev *dev)
5494{
5495 struct b43_wldev *wldev;
5496 struct b43_wl *wl;
5497
5498 /* Do not cancel ieee80211-workqueue based work here.
5499 * See comment in b43_remove(). */
5500
5501 wldev = b43_bus_get_wldev(dev);
5502 wl = wldev->wl;
5503 b43_debugfs_remove_device(wldev);
5504 b43_wireless_core_detach(wldev);
5505 list_del(&wldev->list);
5506 b43_bus_set_wldev(dev, NULL);
5507 kfree(wldev);
5508}
5509
5510static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5511{
5512 struct b43_wldev *wldev;
5513 int err = -ENOMEM;
5514
5515 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5516 if (!wldev)
5517 goto out;
5518
5519 wldev->use_pio = b43_modparam_pio;
5520 wldev->dev = dev;
5521 wldev->wl = wl;
5522 b43_set_status(wldev, B43_STAT_UNINIT);
5523 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5524 INIT_LIST_HEAD(&wldev->list);
5525
5526 err = b43_wireless_core_attach(wldev);
5527 if (err)
5528 goto err_kfree_wldev;
5529
5530 b43_bus_set_wldev(dev, wldev);
5531 b43_debugfs_add_device(wldev);
5532
5533 out:
5534 return err;
5535
5536 err_kfree_wldev:
5537 kfree(wldev);
5538 return err;
5539}
5540
5541#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5542 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5543 (pdev->device == _device) && \
5544 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5545 (pdev->subsystem_device == _subdevice) )
5546
5547#ifdef CONFIG_B43_SSB
5548static void b43_sprom_fixup(struct ssb_bus *bus)
5549{
5550 struct pci_dev *pdev;
5551
5552 /* boardflags workarounds */
5553 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5554 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5555 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5556 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5557 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5558 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5559 if (bus->bustype == SSB_BUSTYPE_PCI) {
5560 pdev = bus->host_pci;
5561 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5562 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5563 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5564 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5565 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5566 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5567 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5568 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5569 }
5570}
5571
5572static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5573{
5574 struct ieee80211_hw *hw = wl->hw;
5575
5576 ssb_set_devtypedata(dev->sdev, NULL);
5577 ieee80211_free_hw(hw);
5578}
5579#endif
5580
5581static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5582{
5583 struct ssb_sprom *sprom = dev->bus_sprom;
5584 struct ieee80211_hw *hw;
5585 struct b43_wl *wl;
5586 char chip_name[6];
5587 int queue_num;
5588
5589 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5590 if (!hw) {
5591 b43err(NULL, "Could not allocate ieee80211 device\n");
5592 return ERR_PTR(-ENOMEM);
5593 }
5594 wl = hw_to_b43_wl(hw);
5595
5596 /* fill hw info */
5597 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5598 ieee80211_hw_set(hw, SIGNAL_DBM);
5599
5600 hw->wiphy->interface_modes =
5601 BIT(NL80211_IFTYPE_AP) |
5602 BIT(NL80211_IFTYPE_MESH_POINT) |
5603 BIT(NL80211_IFTYPE_STATION) |
5604#ifdef CONFIG_WIRELESS_WDS
5605 BIT(NL80211_IFTYPE_WDS) |
5606#endif
5607 BIT(NL80211_IFTYPE_ADHOC);
5608
5609 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5610
5611 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5612
5613 wl->hw_registred = false;
5614 hw->max_rates = 2;
5615 SET_IEEE80211_DEV(hw, dev->dev);
5616 if (is_valid_ether_addr(sprom->et1mac))
5617 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5618 else
5619 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5620
5621 /* Initialize struct b43_wl */
5622 wl->hw = hw;
5623 mutex_init(&wl->mutex);
5624 spin_lock_init(&wl->hardirq_lock);
5625 spin_lock_init(&wl->beacon_lock);
5626 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5627 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5628 INIT_WORK(&wl->tx_work, b43_tx_work);
5629
5630 /* Initialize queues and flags. */
5631 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5632 skb_queue_head_init(&wl->tx_queue[queue_num]);
5633 wl->tx_queue_stopped[queue_num] = 0;
5634 }
5635
5636 snprintf(chip_name, ARRAY_SIZE(chip_name),
5637 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5638 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5639 dev->core_rev);
5640 return wl;
5641}
5642
5643#ifdef CONFIG_B43_BCMA
5644static int b43_bcma_probe(struct bcma_device *core)
5645{
5646 struct b43_bus_dev *dev;
5647 struct b43_wl *wl;
5648 int err;
5649
5650 if (!modparam_allhwsupport &&
5651 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5652 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5653 return -ENOTSUPP;
5654 }
5655
5656 dev = b43_bus_dev_bcma_init(core);
5657 if (!dev)
5658 return -ENODEV;
5659
5660 wl = b43_wireless_init(dev);
5661 if (IS_ERR(wl)) {
5662 err = PTR_ERR(wl);
5663 goto bcma_out;
5664 }
5665
5666 err = b43_one_core_attach(dev, wl);
5667 if (err)
5668 goto bcma_err_wireless_exit;
5669
5670 /* setup and start work to load firmware */
5671 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5672 schedule_work(&wl->firmware_load);
5673
5674 return err;
5675
5676bcma_err_wireless_exit:
5677 ieee80211_free_hw(wl->hw);
5678bcma_out:
5679 kfree(dev);
5680 return err;
5681}
5682
5683static void b43_bcma_remove(struct bcma_device *core)
5684{
5685 struct b43_wldev *wldev = bcma_get_drvdata(core);
5686 struct b43_wl *wl = wldev->wl;
5687
5688 /* We must cancel any work here before unregistering from ieee80211,
5689 * as the ieee80211 unreg will destroy the workqueue. */
5690 cancel_work_sync(&wldev->restart_work);
5691 cancel_work_sync(&wl->firmware_load);
5692
5693 B43_WARN_ON(!wl);
5694 if (!wldev->fw.ucode.data)
5695 return; /* NULL if firmware never loaded */
5696 if (wl->current_dev == wldev && wl->hw_registred) {
5697 b43_leds_stop(wldev);
5698 ieee80211_unregister_hw(wl->hw);
5699 }
5700
5701 b43_one_core_detach(wldev->dev);
5702
5703 /* Unregister HW RNG driver */
5704 b43_rng_exit(wl);
5705
5706 b43_leds_unregister(wl);
5707 ieee80211_free_hw(wl->hw);
5708 kfree(wldev->dev);
5709}
5710
5711static struct bcma_driver b43_bcma_driver = {
5712 .name = KBUILD_MODNAME,
5713 .id_table = b43_bcma_tbl,
5714 .probe = b43_bcma_probe,
5715 .remove = b43_bcma_remove,
5716};
5717#endif
5718
5719#ifdef CONFIG_B43_SSB
5720static
5721int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5722{
5723 struct b43_bus_dev *dev;
5724 struct b43_wl *wl;
5725 int err;
5726
5727 dev = b43_bus_dev_ssb_init(sdev);
5728 if (!dev)
5729 return -ENOMEM;
5730
5731 wl = ssb_get_devtypedata(sdev);
5732 if (wl) {
5733 b43err(NULL, "Dual-core devices are not supported\n");
5734 err = -ENOTSUPP;
5735 goto err_ssb_kfree_dev;
5736 }
5737
5738 b43_sprom_fixup(sdev->bus);
5739
5740 wl = b43_wireless_init(dev);
5741 if (IS_ERR(wl)) {
5742 err = PTR_ERR(wl);
5743 goto err_ssb_kfree_dev;
5744 }
5745 ssb_set_devtypedata(sdev, wl);
5746 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5747
5748 err = b43_one_core_attach(dev, wl);
5749 if (err)
5750 goto err_ssb_wireless_exit;
5751
5752 /* setup and start work to load firmware */
5753 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5754 schedule_work(&wl->firmware_load);
5755
5756 return err;
5757
5758err_ssb_wireless_exit:
5759 b43_wireless_exit(dev, wl);
5760err_ssb_kfree_dev:
5761 kfree(dev);
5762 return err;
5763}
5764
5765static void b43_ssb_remove(struct ssb_device *sdev)
5766{
5767 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5768 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5769 struct b43_bus_dev *dev = wldev->dev;
5770
5771 /* We must cancel any work here before unregistering from ieee80211,
5772 * as the ieee80211 unreg will destroy the workqueue. */
5773 cancel_work_sync(&wldev->restart_work);
5774 cancel_work_sync(&wl->firmware_load);
5775
5776 B43_WARN_ON(!wl);
5777 if (!wldev->fw.ucode.data)
5778 return; /* NULL if firmware never loaded */
5779 if (wl->current_dev == wldev && wl->hw_registred) {
5780 b43_leds_stop(wldev);
5781 ieee80211_unregister_hw(wl->hw);
5782 }
5783
5784 b43_one_core_detach(dev);
5785
5786 /* Unregister HW RNG driver */
5787 b43_rng_exit(wl);
5788
5789 b43_leds_unregister(wl);
5790 b43_wireless_exit(dev, wl);
5791 kfree(dev);
5792}
5793
5794static struct ssb_driver b43_ssb_driver = {
5795 .name = KBUILD_MODNAME,
5796 .id_table = b43_ssb_tbl,
5797 .probe = b43_ssb_probe,
5798 .remove = b43_ssb_remove,
5799};
5800#endif /* CONFIG_B43_SSB */
5801
5802/* Perform a hardware reset. This can be called from any context. */
5803void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5804{
5805 /* Must avoid requeueing, if we are in shutdown. */
5806 if (b43_status(dev) < B43_STAT_INITIALIZED)
5807 return;
5808 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5809 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5810}
5811
5812static void b43_print_driverinfo(void)
5813{
5814 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5815 *feat_leds = "", *feat_sdio = "";
5816
5817#ifdef CONFIG_B43_PCI_AUTOSELECT
5818 feat_pci = "P";
5819#endif
5820#ifdef CONFIG_B43_PCMCIA
5821 feat_pcmcia = "M";
5822#endif
5823#ifdef CONFIG_B43_PHY_N
5824 feat_nphy = "N";
5825#endif
5826#ifdef CONFIG_B43_LEDS
5827 feat_leds = "L";
5828#endif
5829#ifdef CONFIG_B43_SDIO
5830 feat_sdio = "S";
5831#endif
5832 printk(KERN_INFO "Broadcom 43xx driver loaded "
5833 "[ Features: %s%s%s%s%s ]\n",
5834 feat_pci, feat_pcmcia, feat_nphy,
5835 feat_leds, feat_sdio);
5836}
5837
5838static int __init b43_init(void)
5839{
5840 int err;
5841
5842 b43_debugfs_init();
5843 err = b43_sdio_init();
5844 if (err)
5845 goto err_dfs_exit;
5846#ifdef CONFIG_B43_BCMA
5847 err = bcma_driver_register(&b43_bcma_driver);
5848 if (err)
5849 goto err_sdio_exit;
5850#endif
5851#ifdef CONFIG_B43_SSB
5852 err = ssb_driver_register(&b43_ssb_driver);
5853 if (err)
5854 goto err_bcma_driver_exit;
5855#endif
5856 b43_print_driverinfo();
5857
5858 return err;
5859
5860#ifdef CONFIG_B43_SSB
5861err_bcma_driver_exit:
5862#endif
5863#ifdef CONFIG_B43_BCMA
5864 bcma_driver_unregister(&b43_bcma_driver);
5865err_sdio_exit:
5866#endif
5867 b43_sdio_exit();
5868err_dfs_exit:
5869 b43_debugfs_exit();
5870 return err;
5871}
5872
5873static void __exit b43_exit(void)
5874{
5875#ifdef CONFIG_B43_SSB
5876 ssb_driver_unregister(&b43_ssb_driver);
5877#endif
5878#ifdef CONFIG_B43_BCMA
5879 bcma_driver_unregister(&b43_bcma_driver);
5880#endif
5881 b43_sdio_exit();
5882 b43_debugfs_exit();
5883}
5884
5885module_init(b43_init)
5886module_exit(b43_exit)
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3
4 Broadcom B43 wireless driver
5
6 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
7 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
8 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
9 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
10 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12
13 SDIO support
14 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15
16 Some parts of the code in this file are derived from the ipw2200
17 driver Copyright(c) 2003 - 2004 Intel Corporation.
18
19
20*/
21
22#include <linux/delay.h>
23#include <linux/init.h>
24#include <linux/module.h>
25#include <linux/if_arp.h>
26#include <linux/etherdevice.h>
27#include <linux/firmware.h>
28#include <linux/workqueue.h>
29#include <linux/skbuff.h>
30#include <linux/io.h>
31#include <linux/dma-mapping.h>
32#include <linux/slab.h>
33#include <asm/unaligned.h>
34
35#include "b43.h"
36#include "main.h"
37#include "debugfs.h"
38#include "phy_common.h"
39#include "phy_g.h"
40#include "phy_n.h"
41#include "dma.h"
42#include "pio.h"
43#include "sysfs.h"
44#include "xmit.h"
45#include "lo.h"
46#include "sdio.h"
47#include <linux/mmc/sdio_func.h>
48
49MODULE_DESCRIPTION("Broadcom B43 wireless driver");
50MODULE_AUTHOR("Martin Langer");
51MODULE_AUTHOR("Stefano Brivio");
52MODULE_AUTHOR("Michael Buesch");
53MODULE_AUTHOR("Gábor Stefanik");
54MODULE_AUTHOR("Rafał Miłecki");
55MODULE_LICENSE("GPL");
56
57MODULE_FIRMWARE("b43/ucode11.fw");
58MODULE_FIRMWARE("b43/ucode13.fw");
59MODULE_FIRMWARE("b43/ucode14.fw");
60MODULE_FIRMWARE("b43/ucode15.fw");
61MODULE_FIRMWARE("b43/ucode16_lp.fw");
62MODULE_FIRMWARE("b43/ucode16_mimo.fw");
63MODULE_FIRMWARE("b43/ucode24_lcn.fw");
64MODULE_FIRMWARE("b43/ucode25_lcn.fw");
65MODULE_FIRMWARE("b43/ucode25_mimo.fw");
66MODULE_FIRMWARE("b43/ucode26_mimo.fw");
67MODULE_FIRMWARE("b43/ucode29_mimo.fw");
68MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
69MODULE_FIRMWARE("b43/ucode30_mimo.fw");
70MODULE_FIRMWARE("b43/ucode5.fw");
71MODULE_FIRMWARE("b43/ucode40.fw");
72MODULE_FIRMWARE("b43/ucode42.fw");
73MODULE_FIRMWARE("b43/ucode9.fw");
74
75static int modparam_bad_frames_preempt;
76module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
77MODULE_PARM_DESC(bad_frames_preempt,
78 "enable(1) / disable(0) Bad Frames Preemption");
79
80static char modparam_fwpostfix[16];
81module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
82MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
83
84static int modparam_hwpctl;
85module_param_named(hwpctl, modparam_hwpctl, int, 0444);
86MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
87
88static int modparam_nohwcrypt;
89module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
90MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
91
92static int modparam_hwtkip;
93module_param_named(hwtkip, modparam_hwtkip, int, 0444);
94MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
95
96static int modparam_qos = 1;
97module_param_named(qos, modparam_qos, int, 0444);
98MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
99
100static int modparam_btcoex = 1;
101module_param_named(btcoex, modparam_btcoex, int, 0444);
102MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
103
104int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
105module_param_named(verbose, b43_modparam_verbose, int, 0644);
106MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
107
108static int b43_modparam_pio = 0;
109module_param_named(pio, b43_modparam_pio, int, 0644);
110MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
111
112static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
113module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
114MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
115
116#ifdef CONFIG_B43_BCMA
117static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
125 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
126 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
127 {},
128};
129MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
130#endif
131
132#ifdef CONFIG_B43_SSB
133static const struct ssb_device_id b43_ssb_tbl[] = {
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
141 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
142 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
143 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
144 {},
145};
146MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
147#endif
148
149/* Channel and ratetables are shared for all devices.
150 * They can't be const, because ieee80211 puts some precalculated
151 * data in there. This data is the same for all devices, so we don't
152 * get concurrency issues */
153#define RATETAB_ENT(_rateid, _flags) \
154 { \
155 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
156 .hw_value = (_rateid), \
157 .flags = (_flags), \
158 }
159
160/*
161 * NOTE: When changing this, sync with xmit.c's
162 * b43_plcp_get_bitrate_idx_* functions!
163 */
164static struct ieee80211_rate __b43_ratetable[] = {
165 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
166 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
167 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
168 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
169 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
174 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
175 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
176 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
177};
178
179#define b43_a_ratetable (__b43_ratetable + 4)
180#define b43_a_ratetable_size 8
181#define b43_b_ratetable (__b43_ratetable + 0)
182#define b43_b_ratetable_size 4
183#define b43_g_ratetable (__b43_ratetable + 0)
184#define b43_g_ratetable_size 12
185
186#define CHAN2G(_channel, _freq, _flags) { \
187 .band = NL80211_BAND_2GHZ, \
188 .center_freq = (_freq), \
189 .hw_value = (_channel), \
190 .flags = (_flags), \
191 .max_antenna_gain = 0, \
192 .max_power = 30, \
193}
194static struct ieee80211_channel b43_2ghz_chantable[] = {
195 CHAN2G(1, 2412, 0),
196 CHAN2G(2, 2417, 0),
197 CHAN2G(3, 2422, 0),
198 CHAN2G(4, 2427, 0),
199 CHAN2G(5, 2432, 0),
200 CHAN2G(6, 2437, 0),
201 CHAN2G(7, 2442, 0),
202 CHAN2G(8, 2447, 0),
203 CHAN2G(9, 2452, 0),
204 CHAN2G(10, 2457, 0),
205 CHAN2G(11, 2462, 0),
206 CHAN2G(12, 2467, 0),
207 CHAN2G(13, 2472, 0),
208 CHAN2G(14, 2484, 0),
209};
210
211/* No support for the last 3 channels (12, 13, 14) */
212#define b43_2ghz_chantable_limited_size 11
213#undef CHAN2G
214
215#define CHAN4G(_channel, _flags) { \
216 .band = NL80211_BAND_5GHZ, \
217 .center_freq = 4000 + (5 * (_channel)), \
218 .hw_value = (_channel), \
219 .flags = (_flags), \
220 .max_antenna_gain = 0, \
221 .max_power = 30, \
222}
223#define CHAN5G(_channel, _flags) { \
224 .band = NL80211_BAND_5GHZ, \
225 .center_freq = 5000 + (5 * (_channel)), \
226 .hw_value = (_channel), \
227 .flags = (_flags), \
228 .max_antenna_gain = 0, \
229 .max_power = 30, \
230}
231static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232 CHAN4G(184, 0), CHAN4G(186, 0),
233 CHAN4G(188, 0), CHAN4G(190, 0),
234 CHAN4G(192, 0), CHAN4G(194, 0),
235 CHAN4G(196, 0), CHAN4G(198, 0),
236 CHAN4G(200, 0), CHAN4G(202, 0),
237 CHAN4G(204, 0), CHAN4G(206, 0),
238 CHAN4G(208, 0), CHAN4G(210, 0),
239 CHAN4G(212, 0), CHAN4G(214, 0),
240 CHAN4G(216, 0), CHAN4G(218, 0),
241 CHAN4G(220, 0), CHAN4G(222, 0),
242 CHAN4G(224, 0), CHAN4G(226, 0),
243 CHAN4G(228, 0),
244 CHAN5G(32, 0), CHAN5G(34, 0),
245 CHAN5G(36, 0), CHAN5G(38, 0),
246 CHAN5G(40, 0), CHAN5G(42, 0),
247 CHAN5G(44, 0), CHAN5G(46, 0),
248 CHAN5G(48, 0), CHAN5G(50, 0),
249 CHAN5G(52, 0), CHAN5G(54, 0),
250 CHAN5G(56, 0), CHAN5G(58, 0),
251 CHAN5G(60, 0), CHAN5G(62, 0),
252 CHAN5G(64, 0), CHAN5G(66, 0),
253 CHAN5G(68, 0), CHAN5G(70, 0),
254 CHAN5G(72, 0), CHAN5G(74, 0),
255 CHAN5G(76, 0), CHAN5G(78, 0),
256 CHAN5G(80, 0), CHAN5G(82, 0),
257 CHAN5G(84, 0), CHAN5G(86, 0),
258 CHAN5G(88, 0), CHAN5G(90, 0),
259 CHAN5G(92, 0), CHAN5G(94, 0),
260 CHAN5G(96, 0), CHAN5G(98, 0),
261 CHAN5G(100, 0), CHAN5G(102, 0),
262 CHAN5G(104, 0), CHAN5G(106, 0),
263 CHAN5G(108, 0), CHAN5G(110, 0),
264 CHAN5G(112, 0), CHAN5G(114, 0),
265 CHAN5G(116, 0), CHAN5G(118, 0),
266 CHAN5G(120, 0), CHAN5G(122, 0),
267 CHAN5G(124, 0), CHAN5G(126, 0),
268 CHAN5G(128, 0), CHAN5G(130, 0),
269 CHAN5G(132, 0), CHAN5G(134, 0),
270 CHAN5G(136, 0), CHAN5G(138, 0),
271 CHAN5G(140, 0), CHAN5G(142, 0),
272 CHAN5G(144, 0), CHAN5G(145, 0),
273 CHAN5G(146, 0), CHAN5G(147, 0),
274 CHAN5G(148, 0), CHAN5G(149, 0),
275 CHAN5G(150, 0), CHAN5G(151, 0),
276 CHAN5G(152, 0), CHAN5G(153, 0),
277 CHAN5G(154, 0), CHAN5G(155, 0),
278 CHAN5G(156, 0), CHAN5G(157, 0),
279 CHAN5G(158, 0), CHAN5G(159, 0),
280 CHAN5G(160, 0), CHAN5G(161, 0),
281 CHAN5G(162, 0), CHAN5G(163, 0),
282 CHAN5G(164, 0), CHAN5G(165, 0),
283 CHAN5G(166, 0), CHAN5G(168, 0),
284 CHAN5G(170, 0), CHAN5G(172, 0),
285 CHAN5G(174, 0), CHAN5G(176, 0),
286 CHAN5G(178, 0), CHAN5G(180, 0),
287 CHAN5G(182, 0),
288};
289
290static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
291 CHAN5G(36, 0), CHAN5G(40, 0),
292 CHAN5G(44, 0), CHAN5G(48, 0),
293 CHAN5G(149, 0), CHAN5G(153, 0),
294 CHAN5G(157, 0), CHAN5G(161, 0),
295 CHAN5G(165, 0),
296};
297
298static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
299 CHAN5G(34, 0), CHAN5G(36, 0),
300 CHAN5G(38, 0), CHAN5G(40, 0),
301 CHAN5G(42, 0), CHAN5G(44, 0),
302 CHAN5G(46, 0), CHAN5G(48, 0),
303 CHAN5G(52, 0), CHAN5G(56, 0),
304 CHAN5G(60, 0), CHAN5G(64, 0),
305 CHAN5G(100, 0), CHAN5G(104, 0),
306 CHAN5G(108, 0), CHAN5G(112, 0),
307 CHAN5G(116, 0), CHAN5G(120, 0),
308 CHAN5G(124, 0), CHAN5G(128, 0),
309 CHAN5G(132, 0), CHAN5G(136, 0),
310 CHAN5G(140, 0), CHAN5G(149, 0),
311 CHAN5G(153, 0), CHAN5G(157, 0),
312 CHAN5G(161, 0), CHAN5G(165, 0),
313 CHAN5G(184, 0), CHAN5G(188, 0),
314 CHAN5G(192, 0), CHAN5G(196, 0),
315 CHAN5G(200, 0), CHAN5G(204, 0),
316 CHAN5G(208, 0), CHAN5G(212, 0),
317 CHAN5G(216, 0),
318};
319#undef CHAN4G
320#undef CHAN5G
321
322static struct ieee80211_supported_band b43_band_5GHz_nphy = {
323 .band = NL80211_BAND_5GHZ,
324 .channels = b43_5ghz_nphy_chantable,
325 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
326 .bitrates = b43_a_ratetable,
327 .n_bitrates = b43_a_ratetable_size,
328};
329
330static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
331 .band = NL80211_BAND_5GHZ,
332 .channels = b43_5ghz_nphy_chantable_limited,
333 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
334 .bitrates = b43_a_ratetable,
335 .n_bitrates = b43_a_ratetable_size,
336};
337
338static struct ieee80211_supported_band b43_band_5GHz_aphy = {
339 .band = NL80211_BAND_5GHZ,
340 .channels = b43_5ghz_aphy_chantable,
341 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
342 .bitrates = b43_a_ratetable,
343 .n_bitrates = b43_a_ratetable_size,
344};
345
346static struct ieee80211_supported_band b43_band_2GHz = {
347 .band = NL80211_BAND_2GHZ,
348 .channels = b43_2ghz_chantable,
349 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
350 .bitrates = b43_g_ratetable,
351 .n_bitrates = b43_g_ratetable_size,
352};
353
354static struct ieee80211_supported_band b43_band_2ghz_limited = {
355 .band = NL80211_BAND_2GHZ,
356 .channels = b43_2ghz_chantable,
357 .n_channels = b43_2ghz_chantable_limited_size,
358 .bitrates = b43_g_ratetable,
359 .n_bitrates = b43_g_ratetable_size,
360};
361
362static void b43_wireless_core_exit(struct b43_wldev *dev);
363static int b43_wireless_core_init(struct b43_wldev *dev);
364static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
365static int b43_wireless_core_start(struct b43_wldev *dev);
366static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
367 struct ieee80211_vif *vif,
368 struct ieee80211_bss_conf *conf,
369 u32 changed);
370
371static int b43_ratelimit(struct b43_wl *wl)
372{
373 if (!wl || !wl->current_dev)
374 return 1;
375 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
376 return 1;
377 /* We are up and running.
378 * Ratelimit the messages to avoid DoS over the net. */
379 return net_ratelimit();
380}
381
382void b43info(struct b43_wl *wl, const char *fmt, ...)
383{
384 struct va_format vaf;
385 va_list args;
386
387 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
388 return;
389 if (!b43_ratelimit(wl))
390 return;
391
392 va_start(args, fmt);
393
394 vaf.fmt = fmt;
395 vaf.va = &args;
396
397 printk(KERN_INFO "b43-%s: %pV",
398 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399
400 va_end(args);
401}
402
403void b43err(struct b43_wl *wl, const char *fmt, ...)
404{
405 struct va_format vaf;
406 va_list args;
407
408 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
409 return;
410 if (!b43_ratelimit(wl))
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_ERR "b43-%s ERROR: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422}
423
424void b43warn(struct b43_wl *wl, const char *fmt, ...)
425{
426 struct va_format vaf;
427 va_list args;
428
429 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
430 return;
431 if (!b43_ratelimit(wl))
432 return;
433
434 va_start(args, fmt);
435
436 vaf.fmt = fmt;
437 vaf.va = &args;
438
439 printk(KERN_WARNING "b43-%s warning: %pV",
440 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
441
442 va_end(args);
443}
444
445void b43dbg(struct b43_wl *wl, const char *fmt, ...)
446{
447 struct va_format vaf;
448 va_list args;
449
450 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
451 return;
452
453 va_start(args, fmt);
454
455 vaf.fmt = fmt;
456 vaf.va = &args;
457
458 printk(KERN_DEBUG "b43-%s debug: %pV",
459 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
460
461 va_end(args);
462}
463
464static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
465{
466 u32 macctl;
467
468 B43_WARN_ON(offset % 4 != 0);
469
470 macctl = b43_read32(dev, B43_MMIO_MACCTL);
471 if (macctl & B43_MACCTL_BE)
472 val = swab32(val);
473
474 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
475 b43_write32(dev, B43_MMIO_RAM_DATA, val);
476}
477
478static inline void b43_shm_control_word(struct b43_wldev *dev,
479 u16 routing, u16 offset)
480{
481 u32 control;
482
483 /* "offset" is the WORD offset. */
484 control = routing;
485 control <<= 16;
486 control |= offset;
487 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
488}
489
490u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
491{
492 u32 ret;
493
494 if (routing == B43_SHM_SHARED) {
495 B43_WARN_ON(offset & 0x0001);
496 if (offset & 0x0003) {
497 /* Unaligned access */
498 b43_shm_control_word(dev, routing, offset >> 2);
499 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
501 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
502
503 goto out;
504 }
505 offset >>= 2;
506 }
507 b43_shm_control_word(dev, routing, offset);
508 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
509out:
510 return ret;
511}
512
513u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
514{
515 u16 ret;
516
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
523
524 goto out;
525 }
526 offset >>= 2;
527 }
528 b43_shm_control_word(dev, routing, offset);
529 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
530out:
531 return ret;
532}
533
534void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
535{
536 if (routing == B43_SHM_SHARED) {
537 B43_WARN_ON(offset & 0x0001);
538 if (offset & 0x0003) {
539 /* Unaligned access */
540 b43_shm_control_word(dev, routing, offset >> 2);
541 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
542 value & 0xFFFF);
543 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
544 b43_write16(dev, B43_MMIO_SHM_DATA,
545 (value >> 16) & 0xFFFF);
546 return;
547 }
548 offset >>= 2;
549 }
550 b43_shm_control_word(dev, routing, offset);
551 b43_write32(dev, B43_MMIO_SHM_DATA, value);
552}
553
554void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
555{
556 if (routing == B43_SHM_SHARED) {
557 B43_WARN_ON(offset & 0x0001);
558 if (offset & 0x0003) {
559 /* Unaligned access */
560 b43_shm_control_word(dev, routing, offset >> 2);
561 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
562 return;
563 }
564 offset >>= 2;
565 }
566 b43_shm_control_word(dev, routing, offset);
567 b43_write16(dev, B43_MMIO_SHM_DATA, value);
568}
569
570/* Read HostFlags */
571u64 b43_hf_read(struct b43_wldev *dev)
572{
573 u64 ret;
574
575 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
576 ret <<= 16;
577 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
578 ret <<= 16;
579 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
580
581 return ret;
582}
583
584/* Write HostFlags */
585void b43_hf_write(struct b43_wldev *dev, u64 value)
586{
587 u16 lo, mi, hi;
588
589 lo = (value & 0x00000000FFFFULL);
590 mi = (value & 0x0000FFFF0000ULL) >> 16;
591 hi = (value & 0xFFFF00000000ULL) >> 32;
592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
593 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
594 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
595}
596
597/* Read the firmware capabilities bitmask (Opensource firmware only) */
598static u16 b43_fwcapa_read(struct b43_wldev *dev)
599{
600 B43_WARN_ON(!dev->fw.opensource);
601 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
602}
603
604void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
605{
606 u32 low, high;
607
608 B43_WARN_ON(dev->dev->core_rev < 3);
609
610 /* The hardware guarantees us an atomic read, if we
611 * read the low register first. */
612 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
613 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
614
615 *tsf = high;
616 *tsf <<= 32;
617 *tsf |= low;
618}
619
620static void b43_time_lock(struct b43_wldev *dev)
621{
622 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
623 /* Commit the write */
624 b43_read32(dev, B43_MMIO_MACCTL);
625}
626
627static void b43_time_unlock(struct b43_wldev *dev)
628{
629 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
630 /* Commit the write */
631 b43_read32(dev, B43_MMIO_MACCTL);
632}
633
634static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
635{
636 u32 low, high;
637
638 B43_WARN_ON(dev->dev->core_rev < 3);
639
640 low = tsf;
641 high = (tsf >> 32);
642 /* The hardware guarantees us an atomic write, if we
643 * write the low register first. */
644 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
645 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
646}
647
648void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
649{
650 b43_time_lock(dev);
651 b43_tsf_write_locked(dev, tsf);
652 b43_time_unlock(dev);
653}
654
655static
656void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
657{
658 static const u8 zero_addr[ETH_ALEN] = { 0 };
659 u16 data;
660
661 if (!mac)
662 mac = zero_addr;
663
664 offset |= 0x0020;
665 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
666
667 data = mac[0];
668 data |= mac[1] << 8;
669 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
670 data = mac[2];
671 data |= mac[3] << 8;
672 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
673 data = mac[4];
674 data |= mac[5] << 8;
675 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676}
677
678static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
679{
680 const u8 *mac;
681 const u8 *bssid;
682 u8 mac_bssid[ETH_ALEN * 2];
683 int i;
684 u32 tmp;
685
686 bssid = dev->wl->bssid;
687 mac = dev->wl->mac_addr;
688
689 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
690
691 memcpy(mac_bssid, mac, ETH_ALEN);
692 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
693
694 /* Write our MAC address and BSSID to template ram */
695 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
696 tmp = (u32) (mac_bssid[i + 0]);
697 tmp |= (u32) (mac_bssid[i + 1]) << 8;
698 tmp |= (u32) (mac_bssid[i + 2]) << 16;
699 tmp |= (u32) (mac_bssid[i + 3]) << 24;
700 b43_ram_write(dev, 0x20 + i, tmp);
701 }
702}
703
704static void b43_upload_card_macaddress(struct b43_wldev *dev)
705{
706 b43_write_mac_bssid_templates(dev);
707 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
708}
709
710static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
711{
712 /* slot_time is in usec. */
713 /* This test used to exit for all but a G PHY. */
714 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
715 return;
716 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
717 /* Shared memory location 0x0010 is the slot time and should be
718 * set to slot_time; however, this register is initially 0 and changing
719 * the value adversely affects the transmit rate for BCM4311
720 * devices. Until this behavior is unterstood, delete this step
721 *
722 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
723 */
724}
725
726static void b43_short_slot_timing_enable(struct b43_wldev *dev)
727{
728 b43_set_slot_time(dev, 9);
729}
730
731static void b43_short_slot_timing_disable(struct b43_wldev *dev)
732{
733 b43_set_slot_time(dev, 20);
734}
735
736/* DummyTransmission function, as documented on
737 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
738 */
739void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
740{
741 struct b43_phy *phy = &dev->phy;
742 unsigned int i, max_loop;
743 u16 value;
744 u32 buffer[5] = {
745 0x00000000,
746 0x00D40000,
747 0x00000000,
748 0x01000000,
749 0x00000000,
750 };
751
752 if (ofdm) {
753 max_loop = 0x1E;
754 buffer[0] = 0x000201CC;
755 } else {
756 max_loop = 0xFA;
757 buffer[0] = 0x000B846E;
758 }
759
760 for (i = 0; i < 5; i++)
761 b43_ram_write(dev, i * 4, buffer[i]);
762
763 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
764
765 if (dev->dev->core_rev < 11)
766 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
767 else
768 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
769
770 value = (ofdm ? 0x41 : 0x40);
771 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
772 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
773 phy->type == B43_PHYTYPE_LCN)
774 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
775
776 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
777 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
778
779 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
780 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
781 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
782 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
783
784 if (!pa_on && phy->type == B43_PHYTYPE_N)
785 ; /*b43_nphy_pa_override(dev, false) */
786
787 switch (phy->type) {
788 case B43_PHYTYPE_N:
789 case B43_PHYTYPE_LCN:
790 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
791 break;
792 case B43_PHYTYPE_LP:
793 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
794 break;
795 default:
796 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
797 }
798 b43_read16(dev, B43_MMIO_TXE0_AUX);
799
800 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
801 b43_radio_write16(dev, 0x0051, 0x0017);
802 for (i = 0x00; i < max_loop; i++) {
803 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
804 if (value & 0x0080)
805 break;
806 udelay(10);
807 }
808 for (i = 0x00; i < 0x0A; i++) {
809 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
810 if (value & 0x0400)
811 break;
812 udelay(10);
813 }
814 for (i = 0x00; i < 0x19; i++) {
815 value = b43_read16(dev, B43_MMIO_IFSSTAT);
816 if (!(value & 0x0100))
817 break;
818 udelay(10);
819 }
820 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
821 b43_radio_write16(dev, 0x0051, 0x0037);
822}
823
824static void key_write(struct b43_wldev *dev,
825 u8 index, u8 algorithm, const u8 *key)
826{
827 unsigned int i;
828 u32 offset;
829 u16 value;
830 u16 kidx;
831
832 /* Key index/algo block */
833 kidx = b43_kidx_to_fw(dev, index);
834 value = ((kidx << 4) | algorithm);
835 b43_shm_write16(dev, B43_SHM_SHARED,
836 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
837
838 /* Write the key to the Key Table Pointer offset */
839 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
840 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
841 value = key[i];
842 value |= (u16) (key[i + 1]) << 8;
843 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
844 }
845}
846
847static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
848{
849 u32 addrtmp[2] = { 0, 0, };
850 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
851
852 if (b43_new_kidx_api(dev))
853 pairwise_keys_start = B43_NR_GROUP_KEYS;
854
855 B43_WARN_ON(index < pairwise_keys_start);
856 /* We have four default TX keys and possibly four default RX keys.
857 * Physical mac 0 is mapped to physical key 4 or 8, depending
858 * on the firmware version.
859 * So we must adjust the index here.
860 */
861 index -= pairwise_keys_start;
862 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
863
864 if (addr) {
865 addrtmp[0] = addr[0];
866 addrtmp[0] |= ((u32) (addr[1]) << 8);
867 addrtmp[0] |= ((u32) (addr[2]) << 16);
868 addrtmp[0] |= ((u32) (addr[3]) << 24);
869 addrtmp[1] = addr[4];
870 addrtmp[1] |= ((u32) (addr[5]) << 8);
871 }
872
873 /* Receive match transmitter address (RCMTA) mechanism */
874 b43_shm_write32(dev, B43_SHM_RCMTA,
875 (index * 2) + 0, addrtmp[0]);
876 b43_shm_write16(dev, B43_SHM_RCMTA,
877 (index * 2) + 1, addrtmp[1]);
878}
879
880/* The ucode will use phase1 key with TEK key to decrypt rx packets.
881 * When a packet is received, the iv32 is checked.
882 * - if it doesn't the packet is returned without modification (and software
883 * decryption can be done). That's what happen when iv16 wrap.
884 * - if it does, the rc4 key is computed, and decryption is tried.
885 * Either it will success and B43_RX_MAC_DEC is returned,
886 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
887 * and the packet is not usable (it got modified by the ucode).
888 * So in order to never have B43_RX_MAC_DECERR, we should provide
889 * a iv32 and phase1key that match. Because we drop packets in case of
890 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
891 * packets will be lost without higher layer knowing (ie no resync possible
892 * until next wrap).
893 *
894 * NOTE : this should support 50 key like RCMTA because
895 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
896 */
897static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
898 u16 *phase1key)
899{
900 unsigned int i;
901 u32 offset;
902 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
903
904 if (!modparam_hwtkip)
905 return;
906
907 if (b43_new_kidx_api(dev))
908 pairwise_keys_start = B43_NR_GROUP_KEYS;
909
910 B43_WARN_ON(index < pairwise_keys_start);
911 /* We have four default TX keys and possibly four default RX keys.
912 * Physical mac 0 is mapped to physical key 4 or 8, depending
913 * on the firmware version.
914 * So we must adjust the index here.
915 */
916 index -= pairwise_keys_start;
917 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
918
919 if (b43_debug(dev, B43_DBG_KEYS)) {
920 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
921 index, iv32);
922 }
923 /* Write the key to the RX tkip shared mem */
924 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
925 for (i = 0; i < 10; i += 2) {
926 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
927 phase1key ? phase1key[i / 2] : 0);
928 }
929 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
930 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
931}
932
933static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
934 struct ieee80211_vif *vif,
935 struct ieee80211_key_conf *keyconf,
936 struct ieee80211_sta *sta,
937 u32 iv32, u16 *phase1key)
938{
939 struct b43_wl *wl = hw_to_b43_wl(hw);
940 struct b43_wldev *dev;
941 int index = keyconf->hw_key_idx;
942
943 if (B43_WARN_ON(!modparam_hwtkip))
944 return;
945
946 /* This is only called from the RX path through mac80211, where
947 * our mutex is already locked. */
948 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
949 dev = wl->current_dev;
950 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
951
952 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
953
954 rx_tkip_phase1_write(dev, index, iv32, phase1key);
955 /* only pairwise TKIP keys are supported right now */
956 if (WARN_ON(!sta))
957 return;
958 keymac_write(dev, index, sta->addr);
959}
960
961static void do_key_write(struct b43_wldev *dev,
962 u8 index, u8 algorithm,
963 const u8 *key, size_t key_len, const u8 *mac_addr)
964{
965 u8 buf[B43_SEC_KEYSIZE] = { 0, };
966 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
967
968 if (b43_new_kidx_api(dev))
969 pairwise_keys_start = B43_NR_GROUP_KEYS;
970
971 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
972 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
973
974 if (index >= pairwise_keys_start)
975 keymac_write(dev, index, NULL); /* First zero out mac. */
976 if (algorithm == B43_SEC_ALGO_TKIP) {
977 /*
978 * We should provide an initial iv32, phase1key pair.
979 * We could start with iv32=0 and compute the corresponding
980 * phase1key, but this means calling ieee80211_get_tkip_key
981 * with a fake skb (or export other tkip function).
982 * Because we are lazy we hope iv32 won't start with
983 * 0xffffffff and let's b43_op_update_tkip_key provide a
984 * correct pair.
985 */
986 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
987 } else if (index >= pairwise_keys_start) /* clear it */
988 rx_tkip_phase1_write(dev, index, 0, NULL);
989 if (key)
990 memcpy(buf, key, key_len);
991 key_write(dev, index, algorithm, buf);
992 if (index >= pairwise_keys_start)
993 keymac_write(dev, index, mac_addr);
994
995 dev->key[index].algorithm = algorithm;
996}
997
998static int b43_key_write(struct b43_wldev *dev,
999 int index, u8 algorithm,
1000 const u8 *key, size_t key_len,
1001 const u8 *mac_addr,
1002 struct ieee80211_key_conf *keyconf)
1003{
1004 int i;
1005 int pairwise_keys_start;
1006
1007 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1008 * - Temporal Encryption Key (128 bits)
1009 * - Temporal Authenticator Tx MIC Key (64 bits)
1010 * - Temporal Authenticator Rx MIC Key (64 bits)
1011 *
1012 * Hardware only store TEK
1013 */
1014 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1015 key_len = 16;
1016 if (key_len > B43_SEC_KEYSIZE)
1017 return -EINVAL;
1018 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1019 /* Check that we don't already have this key. */
1020 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1021 }
1022 if (index < 0) {
1023 /* Pairwise key. Get an empty slot for the key. */
1024 if (b43_new_kidx_api(dev))
1025 pairwise_keys_start = B43_NR_GROUP_KEYS;
1026 else
1027 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1028 for (i = pairwise_keys_start;
1029 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1030 i++) {
1031 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1032 if (!dev->key[i].keyconf) {
1033 /* found empty */
1034 index = i;
1035 break;
1036 }
1037 }
1038 if (index < 0) {
1039 b43warn(dev->wl, "Out of hardware key memory\n");
1040 return -ENOSPC;
1041 }
1042 } else
1043 B43_WARN_ON(index > 3);
1044
1045 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1046 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1047 /* Default RX key */
1048 B43_WARN_ON(mac_addr);
1049 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1050 }
1051 keyconf->hw_key_idx = index;
1052 dev->key[index].keyconf = keyconf;
1053
1054 return 0;
1055}
1056
1057static int b43_key_clear(struct b43_wldev *dev, int index)
1058{
1059 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1060 return -EINVAL;
1061 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1062 NULL, B43_SEC_KEYSIZE, NULL);
1063 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1064 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1065 NULL, B43_SEC_KEYSIZE, NULL);
1066 }
1067 dev->key[index].keyconf = NULL;
1068
1069 return 0;
1070}
1071
1072static void b43_clear_keys(struct b43_wldev *dev)
1073{
1074 int i, count;
1075
1076 if (b43_new_kidx_api(dev))
1077 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1078 else
1079 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1080 for (i = 0; i < count; i++)
1081 b43_key_clear(dev, i);
1082}
1083
1084static void b43_dump_keymemory(struct b43_wldev *dev)
1085{
1086 unsigned int i, index, count, offset, pairwise_keys_start;
1087 u8 mac[ETH_ALEN];
1088 u16 algo;
1089 u32 rcmta0;
1090 u16 rcmta1;
1091 u64 hf;
1092 struct b43_key *key;
1093
1094 if (!b43_debug(dev, B43_DBG_KEYS))
1095 return;
1096
1097 hf = b43_hf_read(dev);
1098 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1099 !!(hf & B43_HF_USEDEFKEYS));
1100 if (b43_new_kidx_api(dev)) {
1101 pairwise_keys_start = B43_NR_GROUP_KEYS;
1102 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1103 } else {
1104 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1105 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1106 }
1107 for (index = 0; index < count; index++) {
1108 key = &(dev->key[index]);
1109 printk(KERN_DEBUG "Key slot %02u: %s",
1110 index, (key->keyconf == NULL) ? " " : "*");
1111 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1112 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1113 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1114 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1115 }
1116
1117 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1118 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1119 printk(" Algo: %04X/%02X", algo, key->algorithm);
1120
1121 if (index >= pairwise_keys_start) {
1122 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1123 printk(" TKIP: ");
1124 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1125 for (i = 0; i < 14; i += 2) {
1126 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1127 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1128 }
1129 }
1130 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1131 ((index - pairwise_keys_start) * 2) + 0);
1132 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1133 ((index - pairwise_keys_start) * 2) + 1);
1134 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1135 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1136 printk(" MAC: %pM", mac);
1137 } else
1138 printk(" DEFAULT KEY");
1139 printk("\n");
1140 }
1141}
1142
1143void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1144{
1145 u32 macctl;
1146 u16 ucstat;
1147 bool hwps;
1148 bool awake;
1149 int i;
1150
1151 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1152 (ps_flags & B43_PS_DISABLED));
1153 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1154
1155 if (ps_flags & B43_PS_ENABLED) {
1156 hwps = true;
1157 } else if (ps_flags & B43_PS_DISABLED) {
1158 hwps = false;
1159 } else {
1160 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1161 // and thus is not an AP and we are associated, set bit 25
1162 }
1163 if (ps_flags & B43_PS_AWAKE) {
1164 awake = true;
1165 } else if (ps_flags & B43_PS_ASLEEP) {
1166 awake = false;
1167 } else {
1168 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1169 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1170 // successful, set bit26
1171 }
1172
1173/* FIXME: For now we force awake-on and hwps-off */
1174 hwps = false;
1175 awake = true;
1176
1177 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1178 if (hwps)
1179 macctl |= B43_MACCTL_HWPS;
1180 else
1181 macctl &= ~B43_MACCTL_HWPS;
1182 if (awake)
1183 macctl |= B43_MACCTL_AWAKE;
1184 else
1185 macctl &= ~B43_MACCTL_AWAKE;
1186 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1187 /* Commit write */
1188 b43_read32(dev, B43_MMIO_MACCTL);
1189 if (awake && dev->dev->core_rev >= 5) {
1190 /* Wait for the microcode to wake up. */
1191 for (i = 0; i < 100; i++) {
1192 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1193 B43_SHM_SH_UCODESTAT);
1194 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1195 break;
1196 udelay(10);
1197 }
1198 }
1199}
1200
1201/* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1202void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1203{
1204 struct bcma_drv_cc *bcma_cc __maybe_unused;
1205 struct ssb_chipcommon *ssb_cc __maybe_unused;
1206
1207 switch (dev->dev->bus_type) {
1208#ifdef CONFIG_B43_BCMA
1209 case B43_BUS_BCMA:
1210 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1211
1212 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1213 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1214 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1215 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1216 break;
1217#endif
1218#ifdef CONFIG_B43_SSB
1219 case B43_BUS_SSB:
1220 ssb_cc = &dev->dev->sdev->bus->chipco;
1221
1222 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1223 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1224 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1225 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1226 break;
1227#endif
1228 }
1229}
1230
1231#ifdef CONFIG_B43_BCMA
1232static void b43_bcma_phy_reset(struct b43_wldev *dev)
1233{
1234 u32 flags;
1235
1236 /* Put PHY into reset */
1237 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1238 flags |= B43_BCMA_IOCTL_PHY_RESET;
1239 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1240 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1241 udelay(2);
1242
1243 b43_phy_take_out_of_reset(dev);
1244}
1245
1246static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1247{
1248 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1249 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1250 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1251 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1252 u32 flags;
1253
1254 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1255 if (gmode)
1256 flags |= B43_BCMA_IOCTL_GMODE;
1257 b43_device_enable(dev, flags);
1258
1259 if (dev->phy.type == B43_PHYTYPE_AC) {
1260 u16 tmp;
1261
1262 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1263 tmp &= ~B43_BCMA_IOCTL_DAC;
1264 tmp |= 0x100;
1265 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1266
1267 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1268 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1269 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1270
1271 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1272 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1273 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1274 }
1275
1276 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1277 b43_bcma_phy_reset(dev);
1278 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1279}
1280#endif
1281
1282#ifdef CONFIG_B43_SSB
1283static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1284{
1285 u32 flags = 0;
1286
1287 if (gmode)
1288 flags |= B43_TMSLOW_GMODE;
1289 flags |= B43_TMSLOW_PHYCLKEN;
1290 flags |= B43_TMSLOW_PHYRESET;
1291 if (dev->phy.type == B43_PHYTYPE_N)
1292 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1293 b43_device_enable(dev, flags);
1294 msleep(2); /* Wait for the PLL to turn on. */
1295
1296 b43_phy_take_out_of_reset(dev);
1297}
1298#endif
1299
1300void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1301{
1302 u32 macctl;
1303
1304 switch (dev->dev->bus_type) {
1305#ifdef CONFIG_B43_BCMA
1306 case B43_BUS_BCMA:
1307 b43_bcma_wireless_core_reset(dev, gmode);
1308 break;
1309#endif
1310#ifdef CONFIG_B43_SSB
1311 case B43_BUS_SSB:
1312 b43_ssb_wireless_core_reset(dev, gmode);
1313 break;
1314#endif
1315 }
1316
1317 /* Turn Analog ON, but only if we already know the PHY-type.
1318 * This protects against very early setup where we don't know the
1319 * PHY-type, yet. wireless_core_reset will be called once again later,
1320 * when we know the PHY-type. */
1321 if (dev->phy.ops)
1322 dev->phy.ops->switch_analog(dev, 1);
1323
1324 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1325 macctl &= ~B43_MACCTL_GMODE;
1326 if (gmode)
1327 macctl |= B43_MACCTL_GMODE;
1328 macctl |= B43_MACCTL_IHR_ENABLED;
1329 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1330}
1331
1332static void handle_irq_transmit_status(struct b43_wldev *dev)
1333{
1334 u32 v0, v1;
1335 u16 tmp;
1336 struct b43_txstatus stat;
1337
1338 while (1) {
1339 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1340 if (!(v0 & 0x00000001))
1341 break;
1342 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1343
1344 stat.cookie = (v0 >> 16);
1345 stat.seq = (v1 & 0x0000FFFF);
1346 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1347 tmp = (v0 & 0x0000FFFF);
1348 stat.frame_count = ((tmp & 0xF000) >> 12);
1349 stat.rts_count = ((tmp & 0x0F00) >> 8);
1350 stat.supp_reason = ((tmp & 0x001C) >> 2);
1351 stat.pm_indicated = !!(tmp & 0x0080);
1352 stat.intermediate = !!(tmp & 0x0040);
1353 stat.for_ampdu = !!(tmp & 0x0020);
1354 stat.acked = !!(tmp & 0x0002);
1355
1356 b43_handle_txstatus(dev, &stat);
1357 }
1358}
1359
1360static void drain_txstatus_queue(struct b43_wldev *dev)
1361{
1362 u32 dummy;
1363
1364 if (dev->dev->core_rev < 5)
1365 return;
1366 /* Read all entries from the microcode TXstatus FIFO
1367 * and throw them away.
1368 */
1369 while (1) {
1370 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1371 if (!(dummy & 0x00000001))
1372 break;
1373 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1374 }
1375}
1376
1377static u32 b43_jssi_read(struct b43_wldev *dev)
1378{
1379 u32 val = 0;
1380
1381 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1382 val <<= 16;
1383 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1384
1385 return val;
1386}
1387
1388static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1389{
1390 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1391 (jssi & 0x0000FFFF));
1392 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1393 (jssi & 0xFFFF0000) >> 16);
1394}
1395
1396static void b43_generate_noise_sample(struct b43_wldev *dev)
1397{
1398 b43_jssi_write(dev, 0x7F7F7F7F);
1399 b43_write32(dev, B43_MMIO_MACCMD,
1400 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1401}
1402
1403static void b43_calculate_link_quality(struct b43_wldev *dev)
1404{
1405 /* Top half of Link Quality calculation. */
1406
1407 if (dev->phy.type != B43_PHYTYPE_G)
1408 return;
1409 if (dev->noisecalc.calculation_running)
1410 return;
1411 dev->noisecalc.calculation_running = true;
1412 dev->noisecalc.nr_samples = 0;
1413
1414 b43_generate_noise_sample(dev);
1415}
1416
1417static void handle_irq_noise(struct b43_wldev *dev)
1418{
1419 struct b43_phy_g *phy = dev->phy.g;
1420 u16 tmp;
1421 u8 noise[4];
1422 u8 i, j;
1423 s32 average;
1424
1425 /* Bottom half of Link Quality calculation. */
1426
1427 if (dev->phy.type != B43_PHYTYPE_G)
1428 return;
1429
1430 /* Possible race condition: It might be possible that the user
1431 * changed to a different channel in the meantime since we
1432 * started the calculation. We ignore that fact, since it's
1433 * not really that much of a problem. The background noise is
1434 * an estimation only anyway. Slightly wrong results will get damped
1435 * by the averaging of the 8 sample rounds. Additionally the
1436 * value is shortlived. So it will be replaced by the next noise
1437 * calculation round soon. */
1438
1439 B43_WARN_ON(!dev->noisecalc.calculation_running);
1440 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1441 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1442 noise[2] == 0x7F || noise[3] == 0x7F)
1443 goto generate_new;
1444
1445 /* Get the noise samples. */
1446 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1447 i = dev->noisecalc.nr_samples;
1448 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1449 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1453 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1454 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1455 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1456 dev->noisecalc.nr_samples++;
1457 if (dev->noisecalc.nr_samples == 8) {
1458 /* Calculate the Link Quality by the noise samples. */
1459 average = 0;
1460 for (i = 0; i < 8; i++) {
1461 for (j = 0; j < 4; j++)
1462 average += dev->noisecalc.samples[i][j];
1463 }
1464 average /= (8 * 4);
1465 average *= 125;
1466 average += 64;
1467 average /= 128;
1468 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1469 tmp = (tmp / 128) & 0x1F;
1470 if (tmp >= 8)
1471 average += 2;
1472 else
1473 average -= 25;
1474 if (tmp == 8)
1475 average -= 72;
1476 else
1477 average -= 48;
1478
1479 dev->stats.link_noise = average;
1480 dev->noisecalc.calculation_running = false;
1481 return;
1482 }
1483generate_new:
1484 b43_generate_noise_sample(dev);
1485}
1486
1487static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1488{
1489 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1490 ///TODO: PS TBTT
1491 } else {
1492 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1493 b43_power_saving_ctl_bits(dev, 0);
1494 }
1495 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1496 dev->dfq_valid = true;
1497}
1498
1499static void handle_irq_atim_end(struct b43_wldev *dev)
1500{
1501 if (dev->dfq_valid) {
1502 b43_write32(dev, B43_MMIO_MACCMD,
1503 b43_read32(dev, B43_MMIO_MACCMD)
1504 | B43_MACCMD_DFQ_VALID);
1505 dev->dfq_valid = false;
1506 }
1507}
1508
1509static void handle_irq_pmq(struct b43_wldev *dev)
1510{
1511 u32 tmp;
1512
1513 //TODO: AP mode.
1514
1515 while (1) {
1516 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1517 if (!(tmp & 0x00000008))
1518 break;
1519 }
1520 /* 16bit write is odd, but correct. */
1521 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1522}
1523
1524static void b43_write_template_common(struct b43_wldev *dev,
1525 const u8 *data, u16 size,
1526 u16 ram_offset,
1527 u16 shm_size_offset, u8 rate)
1528{
1529 u32 i, tmp;
1530 struct b43_plcp_hdr4 plcp;
1531
1532 plcp.data = 0;
1533 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1534 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1535 ram_offset += sizeof(u32);
1536 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1537 * So leave the first two bytes of the next write blank.
1538 */
1539 tmp = (u32) (data[0]) << 16;
1540 tmp |= (u32) (data[1]) << 24;
1541 b43_ram_write(dev, ram_offset, tmp);
1542 ram_offset += sizeof(u32);
1543 for (i = 2; i < size; i += sizeof(u32)) {
1544 tmp = (u32) (data[i + 0]);
1545 if (i + 1 < size)
1546 tmp |= (u32) (data[i + 1]) << 8;
1547 if (i + 2 < size)
1548 tmp |= (u32) (data[i + 2]) << 16;
1549 if (i + 3 < size)
1550 tmp |= (u32) (data[i + 3]) << 24;
1551 b43_ram_write(dev, ram_offset + i - 2, tmp);
1552 }
1553 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1554 size + sizeof(struct b43_plcp_hdr6));
1555}
1556
1557/* Check if the use of the antenna that ieee80211 told us to
1558 * use is possible. This will fall back to DEFAULT.
1559 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1560u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1561 u8 antenna_nr)
1562{
1563 u8 antenna_mask;
1564
1565 if (antenna_nr == 0) {
1566 /* Zero means "use default antenna". That's always OK. */
1567 return 0;
1568 }
1569
1570 /* Get the mask of available antennas. */
1571 if (dev->phy.gmode)
1572 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1573 else
1574 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1575
1576 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1577 /* This antenna is not available. Fall back to default. */
1578 return 0;
1579 }
1580
1581 return antenna_nr;
1582}
1583
1584/* Convert a b43 antenna number value to the PHY TX control value. */
1585static u16 b43_antenna_to_phyctl(int antenna)
1586{
1587 switch (antenna) {
1588 case B43_ANTENNA0:
1589 return B43_TXH_PHY_ANT0;
1590 case B43_ANTENNA1:
1591 return B43_TXH_PHY_ANT1;
1592 case B43_ANTENNA2:
1593 return B43_TXH_PHY_ANT2;
1594 case B43_ANTENNA3:
1595 return B43_TXH_PHY_ANT3;
1596 case B43_ANTENNA_AUTO0:
1597 case B43_ANTENNA_AUTO1:
1598 return B43_TXH_PHY_ANT01AUTO;
1599 }
1600 B43_WARN_ON(1);
1601 return 0;
1602}
1603
1604static void b43_write_beacon_template(struct b43_wldev *dev,
1605 u16 ram_offset,
1606 u16 shm_size_offset)
1607{
1608 unsigned int i, len, variable_len;
1609 const struct ieee80211_mgmt *bcn;
1610 const u8 *ie;
1611 bool tim_found = false;
1612 unsigned int rate;
1613 u16 ctl;
1614 int antenna;
1615 struct ieee80211_tx_info *info;
1616 unsigned long flags;
1617 struct sk_buff *beacon_skb;
1618
1619 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1620 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1621 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1622 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1623 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1624 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1625
1626 if (!beacon_skb) {
1627 b43dbg(dev->wl, "Could not upload beacon. "
1628 "Failed to clone beacon skb.");
1629 return;
1630 }
1631
1632 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1633 len = min_t(size_t, beacon_skb->len,
1634 0x200 - sizeof(struct b43_plcp_hdr6));
1635
1636 b43_write_template_common(dev, (const u8 *)bcn,
1637 len, ram_offset, shm_size_offset, rate);
1638
1639 /* Write the PHY TX control parameters. */
1640 antenna = B43_ANTENNA_DEFAULT;
1641 antenna = b43_antenna_to_phyctl(antenna);
1642 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1643 /* We can't send beacons with short preamble. Would get PHY errors. */
1644 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1645 ctl &= ~B43_TXH_PHY_ANT;
1646 ctl &= ~B43_TXH_PHY_ENC;
1647 ctl |= antenna;
1648 if (b43_is_cck_rate(rate))
1649 ctl |= B43_TXH_PHY_ENC_CCK;
1650 else
1651 ctl |= B43_TXH_PHY_ENC_OFDM;
1652 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1653
1654 /* Find the position of the TIM and the DTIM_period value
1655 * and write them to SHM. */
1656 ie = bcn->u.beacon.variable;
1657 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1658 for (i = 0; i < variable_len - 2; ) {
1659 uint8_t ie_id, ie_len;
1660
1661 ie_id = ie[i];
1662 ie_len = ie[i + 1];
1663 if (ie_id == 5) {
1664 u16 tim_position;
1665 u16 dtim_period;
1666 /* This is the TIM Information Element */
1667
1668 /* Check whether the ie_len is in the beacon data range. */
1669 if (variable_len < ie_len + 2 + i)
1670 break;
1671 /* A valid TIM is at least 4 bytes long. */
1672 if (ie_len < 4)
1673 break;
1674 tim_found = true;
1675
1676 tim_position = sizeof(struct b43_plcp_hdr6);
1677 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1678 tim_position += i;
1679
1680 dtim_period = ie[i + 3];
1681
1682 b43_shm_write16(dev, B43_SHM_SHARED,
1683 B43_SHM_SH_TIMBPOS, tim_position);
1684 b43_shm_write16(dev, B43_SHM_SHARED,
1685 B43_SHM_SH_DTIMPER, dtim_period);
1686 break;
1687 }
1688 i += ie_len + 2;
1689 }
1690 if (!tim_found) {
1691 /*
1692 * If ucode wants to modify TIM do it behind the beacon, this
1693 * will happen, for example, when doing mesh networking.
1694 */
1695 b43_shm_write16(dev, B43_SHM_SHARED,
1696 B43_SHM_SH_TIMBPOS,
1697 len + sizeof(struct b43_plcp_hdr6));
1698 b43_shm_write16(dev, B43_SHM_SHARED,
1699 B43_SHM_SH_DTIMPER, 0);
1700 }
1701 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1702
1703 dev_kfree_skb_any(beacon_skb);
1704}
1705
1706static void b43_upload_beacon0(struct b43_wldev *dev)
1707{
1708 struct b43_wl *wl = dev->wl;
1709
1710 if (wl->beacon0_uploaded)
1711 return;
1712 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1713 wl->beacon0_uploaded = true;
1714}
1715
1716static void b43_upload_beacon1(struct b43_wldev *dev)
1717{
1718 struct b43_wl *wl = dev->wl;
1719
1720 if (wl->beacon1_uploaded)
1721 return;
1722 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1723 wl->beacon1_uploaded = true;
1724}
1725
1726static void handle_irq_beacon(struct b43_wldev *dev)
1727{
1728 struct b43_wl *wl = dev->wl;
1729 u32 cmd, beacon0_valid, beacon1_valid;
1730
1731 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1732 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1733 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1734 return;
1735
1736 /* This is the bottom half of the asynchronous beacon update. */
1737
1738 /* Ignore interrupt in the future. */
1739 dev->irq_mask &= ~B43_IRQ_BEACON;
1740
1741 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1742 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1743 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1744
1745 /* Schedule interrupt manually, if busy. */
1746 if (beacon0_valid && beacon1_valid) {
1747 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1748 dev->irq_mask |= B43_IRQ_BEACON;
1749 return;
1750 }
1751
1752 if (unlikely(wl->beacon_templates_virgin)) {
1753 /* We never uploaded a beacon before.
1754 * Upload both templates now, but only mark one valid. */
1755 wl->beacon_templates_virgin = false;
1756 b43_upload_beacon0(dev);
1757 b43_upload_beacon1(dev);
1758 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1759 cmd |= B43_MACCMD_BEACON0_VALID;
1760 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1761 } else {
1762 if (!beacon0_valid) {
1763 b43_upload_beacon0(dev);
1764 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1765 cmd |= B43_MACCMD_BEACON0_VALID;
1766 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1767 } else if (!beacon1_valid) {
1768 b43_upload_beacon1(dev);
1769 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1770 cmd |= B43_MACCMD_BEACON1_VALID;
1771 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1772 }
1773 }
1774}
1775
1776static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1777{
1778 u32 old_irq_mask = dev->irq_mask;
1779
1780 /* update beacon right away or defer to irq */
1781 handle_irq_beacon(dev);
1782 if (old_irq_mask != dev->irq_mask) {
1783 /* The handler updated the IRQ mask. */
1784 B43_WARN_ON(!dev->irq_mask);
1785 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1786 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1787 } else {
1788 /* Device interrupts are currently disabled. That means
1789 * we just ran the hardirq handler and scheduled the
1790 * IRQ thread. The thread will write the IRQ mask when
1791 * it finished, so there's nothing to do here. Writing
1792 * the mask _here_ would incorrectly re-enable IRQs. */
1793 }
1794 }
1795}
1796
1797static void b43_beacon_update_trigger_work(struct work_struct *work)
1798{
1799 struct b43_wl *wl = container_of(work, struct b43_wl,
1800 beacon_update_trigger);
1801 struct b43_wldev *dev;
1802
1803 mutex_lock(&wl->mutex);
1804 dev = wl->current_dev;
1805 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1806 if (b43_bus_host_is_sdio(dev->dev)) {
1807 /* wl->mutex is enough. */
1808 b43_do_beacon_update_trigger_work(dev);
1809 } else {
1810 spin_lock_irq(&wl->hardirq_lock);
1811 b43_do_beacon_update_trigger_work(dev);
1812 spin_unlock_irq(&wl->hardirq_lock);
1813 }
1814 }
1815 mutex_unlock(&wl->mutex);
1816}
1817
1818/* Asynchronously update the packet templates in template RAM. */
1819static void b43_update_templates(struct b43_wl *wl)
1820{
1821 struct sk_buff *beacon, *old_beacon;
1822 unsigned long flags;
1823
1824 /* This is the top half of the asynchronous beacon update.
1825 * The bottom half is the beacon IRQ.
1826 * Beacon update must be asynchronous to avoid sending an
1827 * invalid beacon. This can happen for example, if the firmware
1828 * transmits a beacon while we are updating it. */
1829
1830 /* We could modify the existing beacon and set the aid bit in
1831 * the TIM field, but that would probably require resizing and
1832 * moving of data within the beacon template.
1833 * Simply request a new beacon and let mac80211 do the hard work. */
1834 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1835 if (unlikely(!beacon))
1836 return;
1837
1838 spin_lock_irqsave(&wl->beacon_lock, flags);
1839 old_beacon = wl->current_beacon;
1840 wl->current_beacon = beacon;
1841 wl->beacon0_uploaded = false;
1842 wl->beacon1_uploaded = false;
1843 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1844
1845 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1846
1847 if (old_beacon)
1848 dev_kfree_skb_any(old_beacon);
1849}
1850
1851static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1852{
1853 b43_time_lock(dev);
1854 if (dev->dev->core_rev >= 3) {
1855 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1856 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1857 } else {
1858 b43_write16(dev, 0x606, (beacon_int >> 6));
1859 b43_write16(dev, 0x610, beacon_int);
1860 }
1861 b43_time_unlock(dev);
1862 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1863}
1864
1865static void b43_handle_firmware_panic(struct b43_wldev *dev)
1866{
1867 u16 reason;
1868
1869 /* Read the register that contains the reason code for the panic. */
1870 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1871 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1872
1873 switch (reason) {
1874 default:
1875 b43dbg(dev->wl, "The panic reason is unknown.\n");
1876 /* fallthrough */
1877 case B43_FWPANIC_DIE:
1878 /* Do not restart the controller or firmware.
1879 * The device is nonfunctional from now on.
1880 * Restarting would result in this panic to trigger again,
1881 * so we avoid that recursion. */
1882 break;
1883 case B43_FWPANIC_RESTART:
1884 b43_controller_restart(dev, "Microcode panic");
1885 break;
1886 }
1887}
1888
1889static void handle_irq_ucode_debug(struct b43_wldev *dev)
1890{
1891 unsigned int i, cnt;
1892 u16 reason, marker_id, marker_line;
1893 __le16 *buf;
1894
1895 /* The proprietary firmware doesn't have this IRQ. */
1896 if (!dev->fw.opensource)
1897 return;
1898
1899 /* Read the register that contains the reason code for this IRQ. */
1900 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1901
1902 switch (reason) {
1903 case B43_DEBUGIRQ_PANIC:
1904 b43_handle_firmware_panic(dev);
1905 break;
1906 case B43_DEBUGIRQ_DUMP_SHM:
1907 if (!B43_DEBUG)
1908 break; /* Only with driver debugging enabled. */
1909 buf = kmalloc(4096, GFP_ATOMIC);
1910 if (!buf) {
1911 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1912 goto out;
1913 }
1914 for (i = 0; i < 4096; i += 2) {
1915 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1916 buf[i / 2] = cpu_to_le16(tmp);
1917 }
1918 b43info(dev->wl, "Shared memory dump:\n");
1919 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1920 16, 2, buf, 4096, 1);
1921 kfree(buf);
1922 break;
1923 case B43_DEBUGIRQ_DUMP_REGS:
1924 if (!B43_DEBUG)
1925 break; /* Only with driver debugging enabled. */
1926 b43info(dev->wl, "Microcode register dump:\n");
1927 for (i = 0, cnt = 0; i < 64; i++) {
1928 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1929 if (cnt == 0)
1930 printk(KERN_INFO);
1931 printk("r%02u: 0x%04X ", i, tmp);
1932 cnt++;
1933 if (cnt == 6) {
1934 printk("\n");
1935 cnt = 0;
1936 }
1937 }
1938 printk("\n");
1939 break;
1940 case B43_DEBUGIRQ_MARKER:
1941 if (!B43_DEBUG)
1942 break; /* Only with driver debugging enabled. */
1943 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1944 B43_MARKER_ID_REG);
1945 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1946 B43_MARKER_LINE_REG);
1947 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1948 "at line number %u\n",
1949 marker_id, marker_line);
1950 break;
1951 default:
1952 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1953 reason);
1954 }
1955out:
1956 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1957 b43_shm_write16(dev, B43_SHM_SCRATCH,
1958 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1959}
1960
1961static void b43_do_interrupt_thread(struct b43_wldev *dev)
1962{
1963 u32 reason;
1964 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1965 u32 merged_dma_reason = 0;
1966 int i;
1967
1968 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1969 return;
1970
1971 reason = dev->irq_reason;
1972 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1973 dma_reason[i] = dev->dma_reason[i];
1974 merged_dma_reason |= dma_reason[i];
1975 }
1976
1977 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1978 b43err(dev->wl, "MAC transmission error\n");
1979
1980 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1981 b43err(dev->wl, "PHY transmission error\n");
1982 rmb();
1983 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1984 atomic_set(&dev->phy.txerr_cnt,
1985 B43_PHY_TX_BADNESS_LIMIT);
1986 b43err(dev->wl, "Too many PHY TX errors, "
1987 "restarting the controller\n");
1988 b43_controller_restart(dev, "PHY TX errors");
1989 }
1990 }
1991
1992 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1993 b43err(dev->wl,
1994 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1995 dma_reason[0], dma_reason[1],
1996 dma_reason[2], dma_reason[3],
1997 dma_reason[4], dma_reason[5]);
1998 b43err(dev->wl, "This device does not support DMA "
1999 "on your system. It will now be switched to PIO.\n");
2000 /* Fall back to PIO transfers if we get fatal DMA errors! */
2001 dev->use_pio = true;
2002 b43_controller_restart(dev, "DMA error");
2003 return;
2004 }
2005
2006 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2007 handle_irq_ucode_debug(dev);
2008 if (reason & B43_IRQ_TBTT_INDI)
2009 handle_irq_tbtt_indication(dev);
2010 if (reason & B43_IRQ_ATIM_END)
2011 handle_irq_atim_end(dev);
2012 if (reason & B43_IRQ_BEACON)
2013 handle_irq_beacon(dev);
2014 if (reason & B43_IRQ_PMQ)
2015 handle_irq_pmq(dev);
2016 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2017 ;/* TODO */
2018 if (reason & B43_IRQ_NOISESAMPLE_OK)
2019 handle_irq_noise(dev);
2020
2021 /* Check the DMA reason registers for received data. */
2022 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2023 if (B43_DEBUG)
2024 b43warn(dev->wl, "RX descriptor underrun\n");
2025 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2026 }
2027 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2028 if (b43_using_pio_transfers(dev))
2029 b43_pio_rx(dev->pio.rx_queue);
2030 else
2031 b43_dma_rx(dev->dma.rx_ring);
2032 }
2033 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2034 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2035 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2036 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2037 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2038
2039 if (reason & B43_IRQ_TX_OK)
2040 handle_irq_transmit_status(dev);
2041
2042 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2043 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2044
2045#if B43_DEBUG
2046 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2047 dev->irq_count++;
2048 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2049 if (reason & (1 << i))
2050 dev->irq_bit_count[i]++;
2051 }
2052 }
2053#endif
2054}
2055
2056/* Interrupt thread handler. Handles device interrupts in thread context. */
2057static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2058{
2059 struct b43_wldev *dev = dev_id;
2060
2061 mutex_lock(&dev->wl->mutex);
2062 b43_do_interrupt_thread(dev);
2063 mutex_unlock(&dev->wl->mutex);
2064
2065 return IRQ_HANDLED;
2066}
2067
2068static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2069{
2070 u32 reason;
2071
2072 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2073 * On SDIO, this runs under wl->mutex. */
2074
2075 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2076 if (reason == 0xffffffff) /* shared IRQ */
2077 return IRQ_NONE;
2078 reason &= dev->irq_mask;
2079 if (!reason)
2080 return IRQ_NONE;
2081
2082 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2083 & 0x0001FC00;
2084 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2085 & 0x0000DC00;
2086 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2087 & 0x0000DC00;
2088 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2089 & 0x0001DC00;
2090 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2091 & 0x0000DC00;
2092/* Unused ring
2093 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2094 & 0x0000DC00;
2095*/
2096
2097 /* ACK the interrupt. */
2098 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2099 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2100 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2101 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2102 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2103 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2104/* Unused ring
2105 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2106*/
2107
2108 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2109 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2110 /* Save the reason bitmasks for the IRQ thread handler. */
2111 dev->irq_reason = reason;
2112
2113 return IRQ_WAKE_THREAD;
2114}
2115
2116/* Interrupt handler top-half. This runs with interrupts disabled. */
2117static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2118{
2119 struct b43_wldev *dev = dev_id;
2120 irqreturn_t ret;
2121
2122 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2123 return IRQ_NONE;
2124
2125 spin_lock(&dev->wl->hardirq_lock);
2126 ret = b43_do_interrupt(dev);
2127 spin_unlock(&dev->wl->hardirq_lock);
2128
2129 return ret;
2130}
2131
2132/* SDIO interrupt handler. This runs in process context. */
2133static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2134{
2135 struct b43_wl *wl = dev->wl;
2136 irqreturn_t ret;
2137
2138 mutex_lock(&wl->mutex);
2139
2140 ret = b43_do_interrupt(dev);
2141 if (ret == IRQ_WAKE_THREAD)
2142 b43_do_interrupt_thread(dev);
2143
2144 mutex_unlock(&wl->mutex);
2145}
2146
2147void b43_do_release_fw(struct b43_firmware_file *fw)
2148{
2149 release_firmware(fw->data);
2150 fw->data = NULL;
2151 fw->filename = NULL;
2152}
2153
2154static void b43_release_firmware(struct b43_wldev *dev)
2155{
2156 complete(&dev->fw_load_complete);
2157 b43_do_release_fw(&dev->fw.ucode);
2158 b43_do_release_fw(&dev->fw.pcm);
2159 b43_do_release_fw(&dev->fw.initvals);
2160 b43_do_release_fw(&dev->fw.initvals_band);
2161}
2162
2163static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2164{
2165 const char text[] =
2166 "You must go to " \
2167 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2168 "and download the correct firmware for this driver version. " \
2169 "Please carefully read all instructions on this website.\n";
2170
2171 if (error)
2172 b43err(wl, text);
2173 else
2174 b43warn(wl, text);
2175}
2176
2177static void b43_fw_cb(const struct firmware *firmware, void *context)
2178{
2179 struct b43_request_fw_context *ctx = context;
2180
2181 ctx->blob = firmware;
2182 complete(&ctx->dev->fw_load_complete);
2183}
2184
2185int b43_do_request_fw(struct b43_request_fw_context *ctx,
2186 const char *name,
2187 struct b43_firmware_file *fw, bool async)
2188{
2189 struct b43_fw_header *hdr;
2190 u32 size;
2191 int err;
2192
2193 if (!name) {
2194 /* Don't fetch anything. Free possibly cached firmware. */
2195 /* FIXME: We should probably keep it anyway, to save some headache
2196 * on suspend/resume with multiband devices. */
2197 b43_do_release_fw(fw);
2198 return 0;
2199 }
2200 if (fw->filename) {
2201 if ((fw->type == ctx->req_type) &&
2202 (strcmp(fw->filename, name) == 0))
2203 return 0; /* Already have this fw. */
2204 /* Free the cached firmware first. */
2205 /* FIXME: We should probably do this later after we successfully
2206 * got the new fw. This could reduce headache with multiband devices.
2207 * We could also redesign this to cache the firmware for all possible
2208 * bands all the time. */
2209 b43_do_release_fw(fw);
2210 }
2211
2212 switch (ctx->req_type) {
2213 case B43_FWTYPE_PROPRIETARY:
2214 snprintf(ctx->fwname, sizeof(ctx->fwname),
2215 "b43%s/%s.fw",
2216 modparam_fwpostfix, name);
2217 break;
2218 case B43_FWTYPE_OPENSOURCE:
2219 snprintf(ctx->fwname, sizeof(ctx->fwname),
2220 "b43-open%s/%s.fw",
2221 modparam_fwpostfix, name);
2222 break;
2223 default:
2224 B43_WARN_ON(1);
2225 return -ENOSYS;
2226 }
2227 if (async) {
2228 /* do this part asynchronously */
2229 init_completion(&ctx->dev->fw_load_complete);
2230 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2231 ctx->dev->dev->dev, GFP_KERNEL,
2232 ctx, b43_fw_cb);
2233 if (err < 0) {
2234 pr_err("Unable to load firmware\n");
2235 return err;
2236 }
2237 wait_for_completion(&ctx->dev->fw_load_complete);
2238 if (ctx->blob)
2239 goto fw_ready;
2240 /* On some ARM systems, the async request will fail, but the next sync
2241 * request works. For this reason, we fall through here
2242 */
2243 }
2244 err = request_firmware(&ctx->blob, ctx->fwname,
2245 ctx->dev->dev->dev);
2246 if (err == -ENOENT) {
2247 snprintf(ctx->errors[ctx->req_type],
2248 sizeof(ctx->errors[ctx->req_type]),
2249 "Firmware file \"%s\" not found\n",
2250 ctx->fwname);
2251 return err;
2252 } else if (err) {
2253 snprintf(ctx->errors[ctx->req_type],
2254 sizeof(ctx->errors[ctx->req_type]),
2255 "Firmware file \"%s\" request failed (err=%d)\n",
2256 ctx->fwname, err);
2257 return err;
2258 }
2259fw_ready:
2260 if (ctx->blob->size < sizeof(struct b43_fw_header))
2261 goto err_format;
2262 hdr = (struct b43_fw_header *)(ctx->blob->data);
2263 switch (hdr->type) {
2264 case B43_FW_TYPE_UCODE:
2265 case B43_FW_TYPE_PCM:
2266 size = be32_to_cpu(hdr->size);
2267 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2268 goto err_format;
2269 /* fallthrough */
2270 case B43_FW_TYPE_IV:
2271 if (hdr->ver != 1)
2272 goto err_format;
2273 break;
2274 default:
2275 goto err_format;
2276 }
2277
2278 fw->data = ctx->blob;
2279 fw->filename = name;
2280 fw->type = ctx->req_type;
2281
2282 return 0;
2283
2284err_format:
2285 snprintf(ctx->errors[ctx->req_type],
2286 sizeof(ctx->errors[ctx->req_type]),
2287 "Firmware file \"%s\" format error.\n", ctx->fwname);
2288 release_firmware(ctx->blob);
2289
2290 return -EPROTO;
2291}
2292
2293/* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2294static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2295{
2296 struct b43_wldev *dev = ctx->dev;
2297 struct b43_firmware *fw = &ctx->dev->fw;
2298 struct b43_phy *phy = &dev->phy;
2299 const u8 rev = ctx->dev->dev->core_rev;
2300 const char *filename;
2301 int err;
2302
2303 /* Get microcode */
2304 filename = NULL;
2305 switch (rev) {
2306 case 42:
2307 if (phy->type == B43_PHYTYPE_AC)
2308 filename = "ucode42";
2309 break;
2310 case 40:
2311 if (phy->type == B43_PHYTYPE_AC)
2312 filename = "ucode40";
2313 break;
2314 case 33:
2315 if (phy->type == B43_PHYTYPE_LCN40)
2316 filename = "ucode33_lcn40";
2317 break;
2318 case 30:
2319 if (phy->type == B43_PHYTYPE_N)
2320 filename = "ucode30_mimo";
2321 break;
2322 case 29:
2323 if (phy->type == B43_PHYTYPE_HT)
2324 filename = "ucode29_mimo";
2325 break;
2326 case 26:
2327 if (phy->type == B43_PHYTYPE_HT)
2328 filename = "ucode26_mimo";
2329 break;
2330 case 28:
2331 case 25:
2332 if (phy->type == B43_PHYTYPE_N)
2333 filename = "ucode25_mimo";
2334 else if (phy->type == B43_PHYTYPE_LCN)
2335 filename = "ucode25_lcn";
2336 break;
2337 case 24:
2338 if (phy->type == B43_PHYTYPE_LCN)
2339 filename = "ucode24_lcn";
2340 break;
2341 case 23:
2342 if (phy->type == B43_PHYTYPE_N)
2343 filename = "ucode16_mimo";
2344 break;
2345 case 16 ... 19:
2346 if (phy->type == B43_PHYTYPE_N)
2347 filename = "ucode16_mimo";
2348 else if (phy->type == B43_PHYTYPE_LP)
2349 filename = "ucode16_lp";
2350 break;
2351 case 15:
2352 filename = "ucode15";
2353 break;
2354 case 14:
2355 filename = "ucode14";
2356 break;
2357 case 13:
2358 filename = "ucode13";
2359 break;
2360 case 11 ... 12:
2361 filename = "ucode11";
2362 break;
2363 case 5 ... 10:
2364 filename = "ucode5";
2365 break;
2366 }
2367 if (!filename)
2368 goto err_no_ucode;
2369 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2370 if (err)
2371 goto err_load;
2372
2373 /* Get PCM code */
2374 if ((rev >= 5) && (rev <= 10))
2375 filename = "pcm5";
2376 else if (rev >= 11)
2377 filename = NULL;
2378 else
2379 goto err_no_pcm;
2380 fw->pcm_request_failed = false;
2381 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2382 if (err == -ENOENT) {
2383 /* We did not find a PCM file? Not fatal, but
2384 * core rev <= 10 must do without hwcrypto then. */
2385 fw->pcm_request_failed = true;
2386 } else if (err)
2387 goto err_load;
2388
2389 /* Get initvals */
2390 filename = NULL;
2391 switch (dev->phy.type) {
2392 case B43_PHYTYPE_G:
2393 if (rev == 13)
2394 filename = "b0g0initvals13";
2395 else if (rev >= 5 && rev <= 10)
2396 filename = "b0g0initvals5";
2397 break;
2398 case B43_PHYTYPE_N:
2399 if (rev == 30)
2400 filename = "n16initvals30";
2401 else if (rev == 28 || rev == 25)
2402 filename = "n0initvals25";
2403 else if (rev == 24)
2404 filename = "n0initvals24";
2405 else if (rev == 23)
2406 filename = "n0initvals16"; /* What about n0initvals22? */
2407 else if (rev >= 16 && rev <= 18)
2408 filename = "n0initvals16";
2409 else if (rev >= 11 && rev <= 12)
2410 filename = "n0initvals11";
2411 break;
2412 case B43_PHYTYPE_LP:
2413 if (rev >= 16 && rev <= 18)
2414 filename = "lp0initvals16";
2415 else if (rev == 15)
2416 filename = "lp0initvals15";
2417 else if (rev == 14)
2418 filename = "lp0initvals14";
2419 else if (rev == 13)
2420 filename = "lp0initvals13";
2421 break;
2422 case B43_PHYTYPE_HT:
2423 if (rev == 29)
2424 filename = "ht0initvals29";
2425 else if (rev == 26)
2426 filename = "ht0initvals26";
2427 break;
2428 case B43_PHYTYPE_LCN:
2429 if (rev == 24)
2430 filename = "lcn0initvals24";
2431 break;
2432 case B43_PHYTYPE_LCN40:
2433 if (rev == 33)
2434 filename = "lcn400initvals33";
2435 break;
2436 case B43_PHYTYPE_AC:
2437 if (rev == 42)
2438 filename = "ac1initvals42";
2439 else if (rev == 40)
2440 filename = "ac0initvals40";
2441 break;
2442 }
2443 if (!filename)
2444 goto err_no_initvals;
2445 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2446 if (err)
2447 goto err_load;
2448
2449 /* Get bandswitch initvals */
2450 filename = NULL;
2451 switch (dev->phy.type) {
2452 case B43_PHYTYPE_G:
2453 if (rev == 13)
2454 filename = "b0g0bsinitvals13";
2455 else if (rev >= 5 && rev <= 10)
2456 filename = "b0g0bsinitvals5";
2457 break;
2458 case B43_PHYTYPE_N:
2459 if (rev == 30)
2460 filename = "n16bsinitvals30";
2461 else if (rev == 28 || rev == 25)
2462 filename = "n0bsinitvals25";
2463 else if (rev == 24)
2464 filename = "n0bsinitvals24";
2465 else if (rev == 23)
2466 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2467 else if (rev >= 16 && rev <= 18)
2468 filename = "n0bsinitvals16";
2469 else if (rev >= 11 && rev <= 12)
2470 filename = "n0bsinitvals11";
2471 break;
2472 case B43_PHYTYPE_LP:
2473 if (rev >= 16 && rev <= 18)
2474 filename = "lp0bsinitvals16";
2475 else if (rev == 15)
2476 filename = "lp0bsinitvals15";
2477 else if (rev == 14)
2478 filename = "lp0bsinitvals14";
2479 else if (rev == 13)
2480 filename = "lp0bsinitvals13";
2481 break;
2482 case B43_PHYTYPE_HT:
2483 if (rev == 29)
2484 filename = "ht0bsinitvals29";
2485 else if (rev == 26)
2486 filename = "ht0bsinitvals26";
2487 break;
2488 case B43_PHYTYPE_LCN:
2489 if (rev == 24)
2490 filename = "lcn0bsinitvals24";
2491 break;
2492 case B43_PHYTYPE_LCN40:
2493 if (rev == 33)
2494 filename = "lcn400bsinitvals33";
2495 break;
2496 case B43_PHYTYPE_AC:
2497 if (rev == 42)
2498 filename = "ac1bsinitvals42";
2499 else if (rev == 40)
2500 filename = "ac0bsinitvals40";
2501 break;
2502 }
2503 if (!filename)
2504 goto err_no_initvals;
2505 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2506 if (err)
2507 goto err_load;
2508
2509 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2510
2511 return 0;
2512
2513err_no_ucode:
2514 err = ctx->fatal_failure = -EOPNOTSUPP;
2515 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2516 "is required for your device (wl-core rev %u)\n", rev);
2517 goto error;
2518
2519err_no_pcm:
2520 err = ctx->fatal_failure = -EOPNOTSUPP;
2521 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2522 "is required for your device (wl-core rev %u)\n", rev);
2523 goto error;
2524
2525err_no_initvals:
2526 err = ctx->fatal_failure = -EOPNOTSUPP;
2527 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2528 "is required for your device (wl-core rev %u)\n", rev);
2529 goto error;
2530
2531err_load:
2532 /* We failed to load this firmware image. The error message
2533 * already is in ctx->errors. Return and let our caller decide
2534 * what to do. */
2535 goto error;
2536
2537error:
2538 b43_release_firmware(dev);
2539 return err;
2540}
2541
2542static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2543static void b43_one_core_detach(struct b43_bus_dev *dev);
2544static int b43_rng_init(struct b43_wl *wl);
2545
2546static void b43_request_firmware(struct work_struct *work)
2547{
2548 struct b43_wl *wl = container_of(work,
2549 struct b43_wl, firmware_load);
2550 struct b43_wldev *dev = wl->current_dev;
2551 struct b43_request_fw_context *ctx;
2552 unsigned int i;
2553 int err;
2554 const char *errmsg;
2555
2556 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2557 if (!ctx)
2558 return;
2559 ctx->dev = dev;
2560
2561 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2562 err = b43_try_request_fw(ctx);
2563 if (!err)
2564 goto start_ieee80211; /* Successfully loaded it. */
2565 /* Was fw version known? */
2566 if (ctx->fatal_failure)
2567 goto out;
2568
2569 /* proprietary fw not found, try open source */
2570 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2571 err = b43_try_request_fw(ctx);
2572 if (!err)
2573 goto start_ieee80211; /* Successfully loaded it. */
2574 if(ctx->fatal_failure)
2575 goto out;
2576
2577 /* Could not find a usable firmware. Print the errors. */
2578 for (i = 0; i < B43_NR_FWTYPES; i++) {
2579 errmsg = ctx->errors[i];
2580 if (strlen(errmsg))
2581 b43err(dev->wl, "%s", errmsg);
2582 }
2583 b43_print_fw_helptext(dev->wl, 1);
2584 goto out;
2585
2586start_ieee80211:
2587 wl->hw->queues = B43_QOS_QUEUE_NUM;
2588 if (!modparam_qos || dev->fw.opensource)
2589 wl->hw->queues = 1;
2590
2591 err = ieee80211_register_hw(wl->hw);
2592 if (err)
2593 goto out;
2594 wl->hw_registered = true;
2595 b43_leds_register(wl->current_dev);
2596
2597 /* Register HW RNG driver */
2598 b43_rng_init(wl);
2599
2600out:
2601 kfree(ctx);
2602}
2603
2604static int b43_upload_microcode(struct b43_wldev *dev)
2605{
2606 struct wiphy *wiphy = dev->wl->hw->wiphy;
2607 const size_t hdr_len = sizeof(struct b43_fw_header);
2608 const __be32 *data;
2609 unsigned int i, len;
2610 u16 fwrev, fwpatch, fwdate, fwtime;
2611 u32 tmp, macctl;
2612 int err = 0;
2613
2614 /* Jump the microcode PSM to offset 0 */
2615 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2616 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2617 macctl |= B43_MACCTL_PSM_JMP0;
2618 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2619 /* Zero out all microcode PSM registers and shared memory. */
2620 for (i = 0; i < 64; i++)
2621 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2622 for (i = 0; i < 4096; i += 2)
2623 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2624
2625 /* Upload Microcode. */
2626 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2627 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2628 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2629 for (i = 0; i < len; i++) {
2630 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2631 udelay(10);
2632 }
2633
2634 if (dev->fw.pcm.data) {
2635 /* Upload PCM data. */
2636 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2637 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2638 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2639 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2640 /* No need for autoinc bit in SHM_HW */
2641 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2642 for (i = 0; i < len; i++) {
2643 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2644 udelay(10);
2645 }
2646 }
2647
2648 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2649
2650 /* Start the microcode PSM */
2651 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2652 B43_MACCTL_PSM_RUN);
2653
2654 /* Wait for the microcode to load and respond */
2655 i = 0;
2656 while (1) {
2657 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2658 if (tmp == B43_IRQ_MAC_SUSPENDED)
2659 break;
2660 i++;
2661 if (i >= 20) {
2662 b43err(dev->wl, "Microcode not responding\n");
2663 b43_print_fw_helptext(dev->wl, 1);
2664 err = -ENODEV;
2665 goto error;
2666 }
2667 msleep(50);
2668 }
2669 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2670
2671 /* Get and check the revisions. */
2672 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2673 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2674 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2675 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2676
2677 if (fwrev <= 0x128) {
2678 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2679 "binary drivers older than version 4.x is unsupported. "
2680 "You must upgrade your firmware files.\n");
2681 b43_print_fw_helptext(dev->wl, 1);
2682 err = -EOPNOTSUPP;
2683 goto error;
2684 }
2685 dev->fw.rev = fwrev;
2686 dev->fw.patch = fwpatch;
2687 if (dev->fw.rev >= 598)
2688 dev->fw.hdr_format = B43_FW_HDR_598;
2689 else if (dev->fw.rev >= 410)
2690 dev->fw.hdr_format = B43_FW_HDR_410;
2691 else
2692 dev->fw.hdr_format = B43_FW_HDR_351;
2693 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2694
2695 dev->qos_enabled = dev->wl->hw->queues > 1;
2696 /* Default to firmware/hardware crypto acceleration. */
2697 dev->hwcrypto_enabled = true;
2698
2699 if (dev->fw.opensource) {
2700 u16 fwcapa;
2701
2702 /* Patchlevel info is encoded in the "time" field. */
2703 dev->fw.patch = fwtime;
2704 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2705 dev->fw.rev, dev->fw.patch);
2706
2707 fwcapa = b43_fwcapa_read(dev);
2708 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2709 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2710 /* Disable hardware crypto and fall back to software crypto. */
2711 dev->hwcrypto_enabled = false;
2712 }
2713 /* adding QoS support should use an offline discovery mechanism */
2714 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2715 } else {
2716 b43info(dev->wl, "Loading firmware version %u.%u "
2717 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2718 fwrev, fwpatch,
2719 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2720 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2721 if (dev->fw.pcm_request_failed) {
2722 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2723 "Hardware accelerated cryptography is disabled.\n");
2724 b43_print_fw_helptext(dev->wl, 0);
2725 }
2726 }
2727
2728 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2729 dev->fw.rev, dev->fw.patch);
2730 wiphy->hw_version = dev->dev->core_id;
2731
2732 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2733 /* We're over the deadline, but we keep support for old fw
2734 * until it turns out to be in major conflict with something new. */
2735 b43warn(dev->wl, "You are using an old firmware image. "
2736 "Support for old firmware will be removed soon "
2737 "(official deadline was July 2008).\n");
2738 b43_print_fw_helptext(dev->wl, 0);
2739 }
2740
2741 return 0;
2742
2743error:
2744 /* Stop the microcode PSM. */
2745 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2746 B43_MACCTL_PSM_JMP0);
2747
2748 return err;
2749}
2750
2751static int b43_write_initvals(struct b43_wldev *dev,
2752 const struct b43_iv *ivals,
2753 size_t count,
2754 size_t array_size)
2755{
2756 const struct b43_iv *iv;
2757 u16 offset;
2758 size_t i;
2759 bool bit32;
2760
2761 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2762 iv = ivals;
2763 for (i = 0; i < count; i++) {
2764 if (array_size < sizeof(iv->offset_size))
2765 goto err_format;
2766 array_size -= sizeof(iv->offset_size);
2767 offset = be16_to_cpu(iv->offset_size);
2768 bit32 = !!(offset & B43_IV_32BIT);
2769 offset &= B43_IV_OFFSET_MASK;
2770 if (offset >= 0x1000)
2771 goto err_format;
2772 if (bit32) {
2773 u32 value;
2774
2775 if (array_size < sizeof(iv->data.d32))
2776 goto err_format;
2777 array_size -= sizeof(iv->data.d32);
2778
2779 value = get_unaligned_be32(&iv->data.d32);
2780 b43_write32(dev, offset, value);
2781
2782 iv = (const struct b43_iv *)((const uint8_t *)iv +
2783 sizeof(__be16) +
2784 sizeof(__be32));
2785 } else {
2786 u16 value;
2787
2788 if (array_size < sizeof(iv->data.d16))
2789 goto err_format;
2790 array_size -= sizeof(iv->data.d16);
2791
2792 value = be16_to_cpu(iv->data.d16);
2793 b43_write16(dev, offset, value);
2794
2795 iv = (const struct b43_iv *)((const uint8_t *)iv +
2796 sizeof(__be16) +
2797 sizeof(__be16));
2798 }
2799 }
2800 if (array_size)
2801 goto err_format;
2802
2803 return 0;
2804
2805err_format:
2806 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2807 b43_print_fw_helptext(dev->wl, 1);
2808
2809 return -EPROTO;
2810}
2811
2812static int b43_upload_initvals(struct b43_wldev *dev)
2813{
2814 const size_t hdr_len = sizeof(struct b43_fw_header);
2815 const struct b43_fw_header *hdr;
2816 struct b43_firmware *fw = &dev->fw;
2817 const struct b43_iv *ivals;
2818 size_t count;
2819
2820 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2821 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2822 count = be32_to_cpu(hdr->size);
2823 return b43_write_initvals(dev, ivals, count,
2824 fw->initvals.data->size - hdr_len);
2825}
2826
2827static int b43_upload_initvals_band(struct b43_wldev *dev)
2828{
2829 const size_t hdr_len = sizeof(struct b43_fw_header);
2830 const struct b43_fw_header *hdr;
2831 struct b43_firmware *fw = &dev->fw;
2832 const struct b43_iv *ivals;
2833 size_t count;
2834
2835 if (!fw->initvals_band.data)
2836 return 0;
2837
2838 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2839 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2840 count = be32_to_cpu(hdr->size);
2841 return b43_write_initvals(dev, ivals, count,
2842 fw->initvals_band.data->size - hdr_len);
2843}
2844
2845/* Initialize the GPIOs
2846 * http://bcm-specs.sipsolutions.net/GPIO
2847 */
2848
2849#ifdef CONFIG_B43_SSB
2850static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2851{
2852 struct ssb_bus *bus = dev->dev->sdev->bus;
2853
2854#ifdef CONFIG_SSB_DRIVER_PCICORE
2855 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2856#else
2857 return bus->chipco.dev;
2858#endif
2859}
2860#endif
2861
2862static int b43_gpio_init(struct b43_wldev *dev)
2863{
2864#ifdef CONFIG_B43_SSB
2865 struct ssb_device *gpiodev;
2866#endif
2867 u32 mask, set;
2868
2869 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2870 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2871
2872 mask = 0x0000001F;
2873 set = 0x0000000F;
2874 if (dev->dev->chip_id == 0x4301) {
2875 mask |= 0x0060;
2876 set |= 0x0060;
2877 } else if (dev->dev->chip_id == 0x5354) {
2878 /* Don't allow overtaking buttons GPIOs */
2879 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2880 }
2881
2882 if (0 /* FIXME: conditional unknown */ ) {
2883 b43_write16(dev, B43_MMIO_GPIO_MASK,
2884 b43_read16(dev, B43_MMIO_GPIO_MASK)
2885 | 0x0100);
2886 /* BT Coexistance Input */
2887 mask |= 0x0080;
2888 set |= 0x0080;
2889 /* BT Coexistance Out */
2890 mask |= 0x0100;
2891 set |= 0x0100;
2892 }
2893 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2894 /* PA is controlled by gpio 9, let ucode handle it */
2895 b43_write16(dev, B43_MMIO_GPIO_MASK,
2896 b43_read16(dev, B43_MMIO_GPIO_MASK)
2897 | 0x0200);
2898 mask |= 0x0200;
2899 set |= 0x0200;
2900 }
2901
2902 switch (dev->dev->bus_type) {
2903#ifdef CONFIG_B43_BCMA
2904 case B43_BUS_BCMA:
2905 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2906 break;
2907#endif
2908#ifdef CONFIG_B43_SSB
2909 case B43_BUS_SSB:
2910 gpiodev = b43_ssb_gpio_dev(dev);
2911 if (gpiodev)
2912 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2913 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2914 & ~mask) | set);
2915 break;
2916#endif
2917 }
2918
2919 return 0;
2920}
2921
2922/* Turn off all GPIO stuff. Call this on module unload, for example. */
2923static void b43_gpio_cleanup(struct b43_wldev *dev)
2924{
2925#ifdef CONFIG_B43_SSB
2926 struct ssb_device *gpiodev;
2927#endif
2928
2929 switch (dev->dev->bus_type) {
2930#ifdef CONFIG_B43_BCMA
2931 case B43_BUS_BCMA:
2932 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2933 break;
2934#endif
2935#ifdef CONFIG_B43_SSB
2936 case B43_BUS_SSB:
2937 gpiodev = b43_ssb_gpio_dev(dev);
2938 if (gpiodev)
2939 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2940 break;
2941#endif
2942 }
2943}
2944
2945/* http://bcm-specs.sipsolutions.net/EnableMac */
2946void b43_mac_enable(struct b43_wldev *dev)
2947{
2948 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2949 u16 fwstate;
2950
2951 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2952 B43_SHM_SH_UCODESTAT);
2953 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2954 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2955 b43err(dev->wl, "b43_mac_enable(): The firmware "
2956 "should be suspended, but current state is %u\n",
2957 fwstate);
2958 }
2959 }
2960
2961 dev->mac_suspended--;
2962 B43_WARN_ON(dev->mac_suspended < 0);
2963 if (dev->mac_suspended == 0) {
2964 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2965 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2966 B43_IRQ_MAC_SUSPENDED);
2967 /* Commit writes */
2968 b43_read32(dev, B43_MMIO_MACCTL);
2969 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2970 b43_power_saving_ctl_bits(dev, 0);
2971 }
2972}
2973
2974/* http://bcm-specs.sipsolutions.net/SuspendMAC */
2975void b43_mac_suspend(struct b43_wldev *dev)
2976{
2977 int i;
2978 u32 tmp;
2979
2980 might_sleep();
2981 B43_WARN_ON(dev->mac_suspended < 0);
2982
2983 if (dev->mac_suspended == 0) {
2984 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2985 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2986 /* force pci to flush the write */
2987 b43_read32(dev, B43_MMIO_MACCTL);
2988 for (i = 35; i; i--) {
2989 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2990 if (tmp & B43_IRQ_MAC_SUSPENDED)
2991 goto out;
2992 udelay(10);
2993 }
2994 /* Hm, it seems this will take some time. Use msleep(). */
2995 for (i = 40; i; i--) {
2996 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2997 if (tmp & B43_IRQ_MAC_SUSPENDED)
2998 goto out;
2999 msleep(1);
3000 }
3001 b43err(dev->wl, "MAC suspend failed\n");
3002 }
3003out:
3004 dev->mac_suspended++;
3005}
3006
3007/* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3008void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3009{
3010 u32 tmp;
3011
3012 switch (dev->dev->bus_type) {
3013#ifdef CONFIG_B43_BCMA
3014 case B43_BUS_BCMA:
3015 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3016 if (on)
3017 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3018 else
3019 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3020 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3021 break;
3022#endif
3023#ifdef CONFIG_B43_SSB
3024 case B43_BUS_SSB:
3025 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3026 if (on)
3027 tmp |= B43_TMSLOW_MACPHYCLKEN;
3028 else
3029 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3030 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3031 break;
3032#endif
3033 }
3034}
3035
3036/* brcms_b_switch_macfreq */
3037void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3038{
3039 u16 chip_id = dev->dev->chip_id;
3040
3041 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3042 switch (spurmode) {
3043 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3044 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3045 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3046 break;
3047 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3048 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3049 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3050 break;
3051 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3052 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3053 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3054 break;
3055 }
3056 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3057 chip_id == BCMA_CHIP_ID_BCM43217 ||
3058 chip_id == BCMA_CHIP_ID_BCM43222 ||
3059 chip_id == BCMA_CHIP_ID_BCM43224 ||
3060 chip_id == BCMA_CHIP_ID_BCM43225 ||
3061 chip_id == BCMA_CHIP_ID_BCM43227 ||
3062 chip_id == BCMA_CHIP_ID_BCM43228) {
3063 switch (spurmode) {
3064 case 2: /* 126 Mhz */
3065 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3066 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3067 break;
3068 case 1: /* 123 Mhz */
3069 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3070 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3071 break;
3072 default: /* 120 Mhz */
3073 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3074 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3075 break;
3076 }
3077 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3078 switch (spurmode) {
3079 case 1: /* 82 Mhz */
3080 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3081 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3082 break;
3083 default: /* 80 Mhz */
3084 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3085 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3086 break;
3087 }
3088 }
3089}
3090
3091static void b43_adjust_opmode(struct b43_wldev *dev)
3092{
3093 struct b43_wl *wl = dev->wl;
3094 u32 ctl;
3095 u16 cfp_pretbtt;
3096
3097 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3098 /* Reset status to STA infrastructure mode. */
3099 ctl &= ~B43_MACCTL_AP;
3100 ctl &= ~B43_MACCTL_KEEP_CTL;
3101 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3102 ctl &= ~B43_MACCTL_KEEP_BAD;
3103 ctl &= ~B43_MACCTL_PROMISC;
3104 ctl &= ~B43_MACCTL_BEACPROMISC;
3105 ctl |= B43_MACCTL_INFRA;
3106
3107 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3108 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3109 ctl |= B43_MACCTL_AP;
3110 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3111 ctl &= ~B43_MACCTL_INFRA;
3112
3113 if (wl->filter_flags & FIF_CONTROL)
3114 ctl |= B43_MACCTL_KEEP_CTL;
3115 if (wl->filter_flags & FIF_FCSFAIL)
3116 ctl |= B43_MACCTL_KEEP_BAD;
3117 if (wl->filter_flags & FIF_PLCPFAIL)
3118 ctl |= B43_MACCTL_KEEP_BADPLCP;
3119 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3120 ctl |= B43_MACCTL_BEACPROMISC;
3121
3122 /* Workaround: On old hardware the HW-MAC-address-filter
3123 * doesn't work properly, so always run promisc in filter
3124 * it in software. */
3125 if (dev->dev->core_rev <= 4)
3126 ctl |= B43_MACCTL_PROMISC;
3127
3128 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3129
3130 cfp_pretbtt = 2;
3131 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3132 if (dev->dev->chip_id == 0x4306 &&
3133 dev->dev->chip_rev == 3)
3134 cfp_pretbtt = 100;
3135 else
3136 cfp_pretbtt = 50;
3137 }
3138 b43_write16(dev, 0x612, cfp_pretbtt);
3139
3140 /* FIXME: We don't currently implement the PMQ mechanism,
3141 * so always disable it. If we want to implement PMQ,
3142 * we need to enable it here (clear DISCPMQ) in AP mode.
3143 */
3144 if (0 /* ctl & B43_MACCTL_AP */)
3145 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3146 else
3147 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3148}
3149
3150static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3151{
3152 u16 offset;
3153
3154 if (is_ofdm) {
3155 offset = 0x480;
3156 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3157 } else {
3158 offset = 0x4C0;
3159 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3160 }
3161 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3162 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3163}
3164
3165static void b43_rate_memory_init(struct b43_wldev *dev)
3166{
3167 switch (dev->phy.type) {
3168 case B43_PHYTYPE_G:
3169 case B43_PHYTYPE_N:
3170 case B43_PHYTYPE_LP:
3171 case B43_PHYTYPE_HT:
3172 case B43_PHYTYPE_LCN:
3173 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3174 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3175 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3176 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3177 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3178 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3179 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3180 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3181 /* fallthrough */
3182 case B43_PHYTYPE_B:
3183 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3184 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3185 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3186 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3187 break;
3188 default:
3189 B43_WARN_ON(1);
3190 }
3191}
3192
3193/* Set the default values for the PHY TX Control Words. */
3194static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3195{
3196 u16 ctl = 0;
3197
3198 ctl |= B43_TXH_PHY_ENC_CCK;
3199 ctl |= B43_TXH_PHY_ANT01AUTO;
3200 ctl |= B43_TXH_PHY_TXPWR;
3201
3202 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3203 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3204 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3205}
3206
3207/* Set the TX-Antenna for management frames sent by firmware. */
3208static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3209{
3210 u16 ant;
3211 u16 tmp;
3212
3213 ant = b43_antenna_to_phyctl(antenna);
3214
3215 /* For ACK/CTS */
3216 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3217 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3218 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3219 /* For Probe Resposes */
3220 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3221 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3222 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3223}
3224
3225/* This is the opposite of b43_chip_init() */
3226static void b43_chip_exit(struct b43_wldev *dev)
3227{
3228 b43_phy_exit(dev);
3229 b43_gpio_cleanup(dev);
3230 /* firmware is released later */
3231}
3232
3233/* Initialize the chip
3234 * http://bcm-specs.sipsolutions.net/ChipInit
3235 */
3236static int b43_chip_init(struct b43_wldev *dev)
3237{
3238 struct b43_phy *phy = &dev->phy;
3239 int err;
3240 u32 macctl;
3241 u16 value16;
3242
3243 /* Initialize the MAC control */
3244 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3245 if (dev->phy.gmode)
3246 macctl |= B43_MACCTL_GMODE;
3247 macctl |= B43_MACCTL_INFRA;
3248 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3249
3250 err = b43_upload_microcode(dev);
3251 if (err)
3252 goto out; /* firmware is released later */
3253
3254 err = b43_gpio_init(dev);
3255 if (err)
3256 goto out; /* firmware is released later */
3257
3258 err = b43_upload_initvals(dev);
3259 if (err)
3260 goto err_gpio_clean;
3261
3262 err = b43_upload_initvals_band(dev);
3263 if (err)
3264 goto err_gpio_clean;
3265
3266 /* Turn the Analog on and initialize the PHY. */
3267 phy->ops->switch_analog(dev, 1);
3268 err = b43_phy_init(dev);
3269 if (err)
3270 goto err_gpio_clean;
3271
3272 /* Disable Interference Mitigation. */
3273 if (phy->ops->interf_mitigation)
3274 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3275
3276 /* Select the antennae */
3277 if (phy->ops->set_rx_antenna)
3278 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3279 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3280
3281 if (phy->type == B43_PHYTYPE_B) {
3282 value16 = b43_read16(dev, 0x005E);
3283 value16 |= 0x0004;
3284 b43_write16(dev, 0x005E, value16);
3285 }
3286 b43_write32(dev, 0x0100, 0x01000000);
3287 if (dev->dev->core_rev < 5)
3288 b43_write32(dev, 0x010C, 0x01000000);
3289
3290 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3291 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3292
3293 /* Probe Response Timeout value */
3294 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3295 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3296
3297 /* Initially set the wireless operation mode. */
3298 b43_adjust_opmode(dev);
3299
3300 if (dev->dev->core_rev < 3) {
3301 b43_write16(dev, 0x060E, 0x0000);
3302 b43_write16(dev, 0x0610, 0x8000);
3303 b43_write16(dev, 0x0604, 0x0000);
3304 b43_write16(dev, 0x0606, 0x0200);
3305 } else {
3306 b43_write32(dev, 0x0188, 0x80000000);
3307 b43_write32(dev, 0x018C, 0x02000000);
3308 }
3309 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3310 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3311 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3312 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3313 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3314 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3315 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3316
3317 b43_mac_phy_clock_set(dev, true);
3318
3319 switch (dev->dev->bus_type) {
3320#ifdef CONFIG_B43_BCMA
3321 case B43_BUS_BCMA:
3322 /* FIXME: 0xE74 is quite common, but should be read from CC */
3323 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3324 break;
3325#endif
3326#ifdef CONFIG_B43_SSB
3327 case B43_BUS_SSB:
3328 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3329 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3330 break;
3331#endif
3332 }
3333
3334 err = 0;
3335 b43dbg(dev->wl, "Chip initialized\n");
3336out:
3337 return err;
3338
3339err_gpio_clean:
3340 b43_gpio_cleanup(dev);
3341 return err;
3342}
3343
3344static void b43_periodic_every60sec(struct b43_wldev *dev)
3345{
3346 const struct b43_phy_operations *ops = dev->phy.ops;
3347
3348 if (ops->pwork_60sec)
3349 ops->pwork_60sec(dev);
3350
3351 /* Force check the TX power emission now. */
3352 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3353}
3354
3355static void b43_periodic_every30sec(struct b43_wldev *dev)
3356{
3357 /* Update device statistics. */
3358 b43_calculate_link_quality(dev);
3359}
3360
3361static void b43_periodic_every15sec(struct b43_wldev *dev)
3362{
3363 struct b43_phy *phy = &dev->phy;
3364 u16 wdr;
3365
3366 if (dev->fw.opensource) {
3367 /* Check if the firmware is still alive.
3368 * It will reset the watchdog counter to 0 in its idle loop. */
3369 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3370 if (unlikely(wdr)) {
3371 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3372 b43_controller_restart(dev, "Firmware watchdog");
3373 return;
3374 } else {
3375 b43_shm_write16(dev, B43_SHM_SCRATCH,
3376 B43_WATCHDOG_REG, 1);
3377 }
3378 }
3379
3380 if (phy->ops->pwork_15sec)
3381 phy->ops->pwork_15sec(dev);
3382
3383 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3384 wmb();
3385
3386#if B43_DEBUG
3387 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3388 unsigned int i;
3389
3390 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3391 dev->irq_count / 15,
3392 dev->tx_count / 15,
3393 dev->rx_count / 15);
3394 dev->irq_count = 0;
3395 dev->tx_count = 0;
3396 dev->rx_count = 0;
3397 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3398 if (dev->irq_bit_count[i]) {
3399 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3400 dev->irq_bit_count[i] / 15, i, (1 << i));
3401 dev->irq_bit_count[i] = 0;
3402 }
3403 }
3404 }
3405#endif
3406}
3407
3408static void do_periodic_work(struct b43_wldev *dev)
3409{
3410 unsigned int state;
3411
3412 state = dev->periodic_state;
3413 if (state % 4 == 0)
3414 b43_periodic_every60sec(dev);
3415 if (state % 2 == 0)
3416 b43_periodic_every30sec(dev);
3417 b43_periodic_every15sec(dev);
3418}
3419
3420/* Periodic work locking policy:
3421 * The whole periodic work handler is protected by
3422 * wl->mutex. If another lock is needed somewhere in the
3423 * pwork callchain, it's acquired in-place, where it's needed.
3424 */
3425static void b43_periodic_work_handler(struct work_struct *work)
3426{
3427 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3428 periodic_work.work);
3429 struct b43_wl *wl = dev->wl;
3430 unsigned long delay;
3431
3432 mutex_lock(&wl->mutex);
3433
3434 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3435 goto out;
3436 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3437 goto out_requeue;
3438
3439 do_periodic_work(dev);
3440
3441 dev->periodic_state++;
3442out_requeue:
3443 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3444 delay = msecs_to_jiffies(50);
3445 else
3446 delay = round_jiffies_relative(HZ * 15);
3447 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3448out:
3449 mutex_unlock(&wl->mutex);
3450}
3451
3452static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3453{
3454 struct delayed_work *work = &dev->periodic_work;
3455
3456 dev->periodic_state = 0;
3457 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3458 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3459}
3460
3461/* Check if communication with the device works correctly. */
3462static int b43_validate_chipaccess(struct b43_wldev *dev)
3463{
3464 u32 v, backup0, backup4;
3465
3466 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3467 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3468
3469 /* Check for read/write and endianness problems. */
3470 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3471 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3472 goto error;
3473 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3474 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3475 goto error;
3476
3477 /* Check if unaligned 32bit SHM_SHARED access works properly.
3478 * However, don't bail out on failure, because it's noncritical. */
3479 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3480 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3481 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3482 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3483 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3484 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3485 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3486 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3487 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3488 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3489 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3490 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3491
3492 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3493 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3494
3495 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3496 /* The 32bit register shadows the two 16bit registers
3497 * with update sideeffects. Validate this. */
3498 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3499 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3500 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3501 goto error;
3502 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3503 goto error;
3504 }
3505 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3506
3507 v = b43_read32(dev, B43_MMIO_MACCTL);
3508 v |= B43_MACCTL_GMODE;
3509 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3510 goto error;
3511
3512 return 0;
3513error:
3514 b43err(dev->wl, "Failed to validate the chipaccess\n");
3515 return -ENODEV;
3516}
3517
3518static void b43_security_init(struct b43_wldev *dev)
3519{
3520 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3521 /* KTP is a word address, but we address SHM bytewise.
3522 * So multiply by two.
3523 */
3524 dev->ktp *= 2;
3525 /* Number of RCMTA address slots */
3526 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3527 /* Clear the key memory. */
3528 b43_clear_keys(dev);
3529}
3530
3531#ifdef CONFIG_B43_HWRNG
3532static int b43_rng_read(struct hwrng *rng, u32 *data)
3533{
3534 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3535 struct b43_wldev *dev;
3536 int count = -ENODEV;
3537
3538 mutex_lock(&wl->mutex);
3539 dev = wl->current_dev;
3540 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3541 *data = b43_read16(dev, B43_MMIO_RNG);
3542 count = sizeof(u16);
3543 }
3544 mutex_unlock(&wl->mutex);
3545
3546 return count;
3547}
3548#endif /* CONFIG_B43_HWRNG */
3549
3550static void b43_rng_exit(struct b43_wl *wl)
3551{
3552#ifdef CONFIG_B43_HWRNG
3553 if (wl->rng_initialized)
3554 hwrng_unregister(&wl->rng);
3555#endif /* CONFIG_B43_HWRNG */
3556}
3557
3558static int b43_rng_init(struct b43_wl *wl)
3559{
3560 int err = 0;
3561
3562#ifdef CONFIG_B43_HWRNG
3563 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3564 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3565 wl->rng.name = wl->rng_name;
3566 wl->rng.data_read = b43_rng_read;
3567 wl->rng.priv = (unsigned long)wl;
3568 wl->rng_initialized = true;
3569 err = hwrng_register(&wl->rng);
3570 if (err) {
3571 wl->rng_initialized = false;
3572 b43err(wl, "Failed to register the random "
3573 "number generator (%d)\n", err);
3574 }
3575#endif /* CONFIG_B43_HWRNG */
3576
3577 return err;
3578}
3579
3580static void b43_tx_work(struct work_struct *work)
3581{
3582 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3583 struct b43_wldev *dev;
3584 struct sk_buff *skb;
3585 int queue_num;
3586 int err = 0;
3587
3588 mutex_lock(&wl->mutex);
3589 dev = wl->current_dev;
3590 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3591 mutex_unlock(&wl->mutex);
3592 return;
3593 }
3594
3595 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3596 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3597 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3598 if (b43_using_pio_transfers(dev))
3599 err = b43_pio_tx(dev, skb);
3600 else
3601 err = b43_dma_tx(dev, skb);
3602 if (err == -ENOSPC) {
3603 wl->tx_queue_stopped[queue_num] = 1;
3604 ieee80211_stop_queue(wl->hw, queue_num);
3605 skb_queue_head(&wl->tx_queue[queue_num], skb);
3606 break;
3607 }
3608 if (unlikely(err))
3609 ieee80211_free_txskb(wl->hw, skb);
3610 err = 0;
3611 }
3612
3613 if (!err)
3614 wl->tx_queue_stopped[queue_num] = 0;
3615 }
3616
3617#if B43_DEBUG
3618 dev->tx_count++;
3619#endif
3620 mutex_unlock(&wl->mutex);
3621}
3622
3623static void b43_op_tx(struct ieee80211_hw *hw,
3624 struct ieee80211_tx_control *control,
3625 struct sk_buff *skb)
3626{
3627 struct b43_wl *wl = hw_to_b43_wl(hw);
3628
3629 if (unlikely(skb->len < 2 + 2 + 6)) {
3630 /* Too short, this can't be a valid frame. */
3631 ieee80211_free_txskb(hw, skb);
3632 return;
3633 }
3634 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3635
3636 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3637 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3638 ieee80211_queue_work(wl->hw, &wl->tx_work);
3639 } else {
3640 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3641 }
3642}
3643
3644static void b43_qos_params_upload(struct b43_wldev *dev,
3645 const struct ieee80211_tx_queue_params *p,
3646 u16 shm_offset)
3647{
3648 u16 params[B43_NR_QOSPARAMS];
3649 int bslots, tmp;
3650 unsigned int i;
3651
3652 if (!dev->qos_enabled)
3653 return;
3654
3655 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3656
3657 memset(¶ms, 0, sizeof(params));
3658
3659 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3660 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3661 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3662 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3663 params[B43_QOSPARAM_AIFS] = p->aifs;
3664 params[B43_QOSPARAM_BSLOTS] = bslots;
3665 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3666
3667 for (i = 0; i < ARRAY_SIZE(params); i++) {
3668 if (i == B43_QOSPARAM_STATUS) {
3669 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3670 shm_offset + (i * 2));
3671 /* Mark the parameters as updated. */
3672 tmp |= 0x100;
3673 b43_shm_write16(dev, B43_SHM_SHARED,
3674 shm_offset + (i * 2),
3675 tmp);
3676 } else {
3677 b43_shm_write16(dev, B43_SHM_SHARED,
3678 shm_offset + (i * 2),
3679 params[i]);
3680 }
3681 }
3682}
3683
3684/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3685static const u16 b43_qos_shm_offsets[] = {
3686 /* [mac80211-queue-nr] = SHM_OFFSET, */
3687 [0] = B43_QOS_VOICE,
3688 [1] = B43_QOS_VIDEO,
3689 [2] = B43_QOS_BESTEFFORT,
3690 [3] = B43_QOS_BACKGROUND,
3691};
3692
3693/* Update all QOS parameters in hardware. */
3694static void b43_qos_upload_all(struct b43_wldev *dev)
3695{
3696 struct b43_wl *wl = dev->wl;
3697 struct b43_qos_params *params;
3698 unsigned int i;
3699
3700 if (!dev->qos_enabled)
3701 return;
3702
3703 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3704 ARRAY_SIZE(wl->qos_params));
3705
3706 b43_mac_suspend(dev);
3707 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3708 params = &(wl->qos_params[i]);
3709 b43_qos_params_upload(dev, &(params->p),
3710 b43_qos_shm_offsets[i]);
3711 }
3712 b43_mac_enable(dev);
3713}
3714
3715static void b43_qos_clear(struct b43_wl *wl)
3716{
3717 struct b43_qos_params *params;
3718 unsigned int i;
3719
3720 /* Initialize QoS parameters to sane defaults. */
3721
3722 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3723 ARRAY_SIZE(wl->qos_params));
3724
3725 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3726 params = &(wl->qos_params[i]);
3727
3728 switch (b43_qos_shm_offsets[i]) {
3729 case B43_QOS_VOICE:
3730 params->p.txop = 0;
3731 params->p.aifs = 2;
3732 params->p.cw_min = 0x0001;
3733 params->p.cw_max = 0x0001;
3734 break;
3735 case B43_QOS_VIDEO:
3736 params->p.txop = 0;
3737 params->p.aifs = 2;
3738 params->p.cw_min = 0x0001;
3739 params->p.cw_max = 0x0001;
3740 break;
3741 case B43_QOS_BESTEFFORT:
3742 params->p.txop = 0;
3743 params->p.aifs = 3;
3744 params->p.cw_min = 0x0001;
3745 params->p.cw_max = 0x03FF;
3746 break;
3747 case B43_QOS_BACKGROUND:
3748 params->p.txop = 0;
3749 params->p.aifs = 7;
3750 params->p.cw_min = 0x0001;
3751 params->p.cw_max = 0x03FF;
3752 break;
3753 default:
3754 B43_WARN_ON(1);
3755 }
3756 }
3757}
3758
3759/* Initialize the core's QOS capabilities */
3760static void b43_qos_init(struct b43_wldev *dev)
3761{
3762 if (!dev->qos_enabled) {
3763 /* Disable QOS support. */
3764 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3765 b43_write16(dev, B43_MMIO_IFSCTL,
3766 b43_read16(dev, B43_MMIO_IFSCTL)
3767 & ~B43_MMIO_IFSCTL_USE_EDCF);
3768 b43dbg(dev->wl, "QoS disabled\n");
3769 return;
3770 }
3771
3772 /* Upload the current QOS parameters. */
3773 b43_qos_upload_all(dev);
3774
3775 /* Enable QOS support. */
3776 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3777 b43_write16(dev, B43_MMIO_IFSCTL,
3778 b43_read16(dev, B43_MMIO_IFSCTL)
3779 | B43_MMIO_IFSCTL_USE_EDCF);
3780 b43dbg(dev->wl, "QoS enabled\n");
3781}
3782
3783static int b43_op_conf_tx(struct ieee80211_hw *hw,
3784 struct ieee80211_vif *vif, u16 _queue,
3785 const struct ieee80211_tx_queue_params *params)
3786{
3787 struct b43_wl *wl = hw_to_b43_wl(hw);
3788 struct b43_wldev *dev;
3789 unsigned int queue = (unsigned int)_queue;
3790 int err = -ENODEV;
3791
3792 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3793 /* Queue not available or don't support setting
3794 * params on this queue. Return success to not
3795 * confuse mac80211. */
3796 return 0;
3797 }
3798 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3799 ARRAY_SIZE(wl->qos_params));
3800
3801 mutex_lock(&wl->mutex);
3802 dev = wl->current_dev;
3803 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3804 goto out_unlock;
3805
3806 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3807 b43_mac_suspend(dev);
3808 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3809 b43_qos_shm_offsets[queue]);
3810 b43_mac_enable(dev);
3811 err = 0;
3812
3813out_unlock:
3814 mutex_unlock(&wl->mutex);
3815
3816 return err;
3817}
3818
3819static int b43_op_get_stats(struct ieee80211_hw *hw,
3820 struct ieee80211_low_level_stats *stats)
3821{
3822 struct b43_wl *wl = hw_to_b43_wl(hw);
3823
3824 mutex_lock(&wl->mutex);
3825 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3826 mutex_unlock(&wl->mutex);
3827
3828 return 0;
3829}
3830
3831static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3832{
3833 struct b43_wl *wl = hw_to_b43_wl(hw);
3834 struct b43_wldev *dev;
3835 u64 tsf;
3836
3837 mutex_lock(&wl->mutex);
3838 dev = wl->current_dev;
3839
3840 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3841 b43_tsf_read(dev, &tsf);
3842 else
3843 tsf = 0;
3844
3845 mutex_unlock(&wl->mutex);
3846
3847 return tsf;
3848}
3849
3850static void b43_op_set_tsf(struct ieee80211_hw *hw,
3851 struct ieee80211_vif *vif, u64 tsf)
3852{
3853 struct b43_wl *wl = hw_to_b43_wl(hw);
3854 struct b43_wldev *dev;
3855
3856 mutex_lock(&wl->mutex);
3857 dev = wl->current_dev;
3858
3859 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3860 b43_tsf_write(dev, tsf);
3861
3862 mutex_unlock(&wl->mutex);
3863}
3864
3865static const char *band_to_string(enum nl80211_band band)
3866{
3867 switch (band) {
3868 case NL80211_BAND_5GHZ:
3869 return "5";
3870 case NL80211_BAND_2GHZ:
3871 return "2.4";
3872 default:
3873 break;
3874 }
3875 B43_WARN_ON(1);
3876 return "";
3877}
3878
3879/* Expects wl->mutex locked */
3880static int b43_switch_band(struct b43_wldev *dev,
3881 struct ieee80211_channel *chan)
3882{
3883 struct b43_phy *phy = &dev->phy;
3884 bool gmode;
3885 u32 tmp;
3886
3887 switch (chan->band) {
3888 case NL80211_BAND_5GHZ:
3889 gmode = false;
3890 break;
3891 case NL80211_BAND_2GHZ:
3892 gmode = true;
3893 break;
3894 default:
3895 B43_WARN_ON(1);
3896 return -EINVAL;
3897 }
3898
3899 if (!((gmode && phy->supports_2ghz) ||
3900 (!gmode && phy->supports_5ghz))) {
3901 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3902 band_to_string(chan->band));
3903 return -ENODEV;
3904 }
3905
3906 if (!!phy->gmode == !!gmode) {
3907 /* This device is already running. */
3908 return 0;
3909 }
3910
3911 b43dbg(dev->wl, "Switching to %s GHz band\n",
3912 band_to_string(chan->band));
3913
3914 /* Some new devices don't need disabling radio for band switching */
3915 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3916 b43_software_rfkill(dev, true);
3917
3918 phy->gmode = gmode;
3919 b43_phy_put_into_reset(dev);
3920 switch (dev->dev->bus_type) {
3921#ifdef CONFIG_B43_BCMA
3922 case B43_BUS_BCMA:
3923 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3924 if (gmode)
3925 tmp |= B43_BCMA_IOCTL_GMODE;
3926 else
3927 tmp &= ~B43_BCMA_IOCTL_GMODE;
3928 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3929 break;
3930#endif
3931#ifdef CONFIG_B43_SSB
3932 case B43_BUS_SSB:
3933 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3934 if (gmode)
3935 tmp |= B43_TMSLOW_GMODE;
3936 else
3937 tmp &= ~B43_TMSLOW_GMODE;
3938 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3939 break;
3940#endif
3941 }
3942 b43_phy_take_out_of_reset(dev);
3943
3944 b43_upload_initvals_band(dev);
3945
3946 b43_phy_init(dev);
3947
3948 return 0;
3949}
3950
3951static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3952{
3953 interval = min_t(u16, interval, (u16)0xFF);
3954 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3955}
3956
3957/* Write the short and long frame retry limit values. */
3958static void b43_set_retry_limits(struct b43_wldev *dev,
3959 unsigned int short_retry,
3960 unsigned int long_retry)
3961{
3962 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3963 * the chip-internal counter. */
3964 short_retry = min(short_retry, (unsigned int)0xF);
3965 long_retry = min(long_retry, (unsigned int)0xF);
3966
3967 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3968 short_retry);
3969 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3970 long_retry);
3971}
3972
3973static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3974{
3975 struct b43_wl *wl = hw_to_b43_wl(hw);
3976 struct b43_wldev *dev = wl->current_dev;
3977 struct b43_phy *phy = &dev->phy;
3978 struct ieee80211_conf *conf = &hw->conf;
3979 int antenna;
3980 int err = 0;
3981
3982 mutex_lock(&wl->mutex);
3983 b43_mac_suspend(dev);
3984
3985 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3986 b43_set_beacon_listen_interval(dev, conf->listen_interval);
3987
3988 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3989 phy->chandef = &conf->chandef;
3990 phy->channel = conf->chandef.chan->hw_value;
3991
3992 /* Switch the band (if necessary). */
3993 err = b43_switch_band(dev, conf->chandef.chan);
3994 if (err)
3995 goto out_mac_enable;
3996
3997 /* Switch to the requested channel.
3998 * The firmware takes care of races with the TX handler.
3999 */
4000 b43_switch_channel(dev, phy->channel);
4001 }
4002
4003 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4004 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4005 conf->long_frame_max_tx_count);
4006 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4007 if (!changed)
4008 goto out_mac_enable;
4009
4010 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4011
4012 /* Adjust the desired TX power level. */
4013 if (conf->power_level != 0) {
4014 if (conf->power_level != phy->desired_txpower) {
4015 phy->desired_txpower = conf->power_level;
4016 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4017 B43_TXPWR_IGNORE_TSSI);
4018 }
4019 }
4020
4021 /* Antennas for RX and management frame TX. */
4022 antenna = B43_ANTENNA_DEFAULT;
4023 b43_mgmtframe_txantenna(dev, antenna);
4024 antenna = B43_ANTENNA_DEFAULT;
4025 if (phy->ops->set_rx_antenna)
4026 phy->ops->set_rx_antenna(dev, antenna);
4027
4028 if (wl->radio_enabled != phy->radio_on) {
4029 if (wl->radio_enabled) {
4030 b43_software_rfkill(dev, false);
4031 b43info(dev->wl, "Radio turned on by software\n");
4032 if (!dev->radio_hw_enable) {
4033 b43info(dev->wl, "The hardware RF-kill button "
4034 "still turns the radio physically off. "
4035 "Press the button to turn it on.\n");
4036 }
4037 } else {
4038 b43_software_rfkill(dev, true);
4039 b43info(dev->wl, "Radio turned off by software\n");
4040 }
4041 }
4042
4043out_mac_enable:
4044 b43_mac_enable(dev);
4045 mutex_unlock(&wl->mutex);
4046
4047 return err;
4048}
4049
4050static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4051{
4052 struct ieee80211_supported_band *sband =
4053 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4054 struct ieee80211_rate *rate;
4055 int i;
4056 u16 basic, direct, offset, basic_offset, rateptr;
4057
4058 for (i = 0; i < sband->n_bitrates; i++) {
4059 rate = &sband->bitrates[i];
4060
4061 if (b43_is_cck_rate(rate->hw_value)) {
4062 direct = B43_SHM_SH_CCKDIRECT;
4063 basic = B43_SHM_SH_CCKBASIC;
4064 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4065 offset &= 0xF;
4066 } else {
4067 direct = B43_SHM_SH_OFDMDIRECT;
4068 basic = B43_SHM_SH_OFDMBASIC;
4069 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4070 offset &= 0xF;
4071 }
4072
4073 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4074
4075 if (b43_is_cck_rate(rate->hw_value)) {
4076 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4077 basic_offset &= 0xF;
4078 } else {
4079 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4080 basic_offset &= 0xF;
4081 }
4082
4083 /*
4084 * Get the pointer that we need to point to
4085 * from the direct map
4086 */
4087 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4088 direct + 2 * basic_offset);
4089 /* and write it to the basic map */
4090 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4091 rateptr);
4092 }
4093}
4094
4095static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4096 struct ieee80211_vif *vif,
4097 struct ieee80211_bss_conf *conf,
4098 u32 changed)
4099{
4100 struct b43_wl *wl = hw_to_b43_wl(hw);
4101 struct b43_wldev *dev;
4102
4103 mutex_lock(&wl->mutex);
4104
4105 dev = wl->current_dev;
4106 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4107 goto out_unlock_mutex;
4108
4109 B43_WARN_ON(wl->vif != vif);
4110
4111 if (changed & BSS_CHANGED_BSSID) {
4112 if (conf->bssid)
4113 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4114 else
4115 eth_zero_addr(wl->bssid);
4116 }
4117
4118 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4119 if (changed & BSS_CHANGED_BEACON &&
4120 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4121 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4122 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4123 b43_update_templates(wl);
4124
4125 if (changed & BSS_CHANGED_BSSID)
4126 b43_write_mac_bssid_templates(dev);
4127 }
4128
4129 b43_mac_suspend(dev);
4130
4131 /* Update templates for AP/mesh mode. */
4132 if (changed & BSS_CHANGED_BEACON_INT &&
4133 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4134 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4135 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4136 conf->beacon_int)
4137 b43_set_beacon_int(dev, conf->beacon_int);
4138
4139 if (changed & BSS_CHANGED_BASIC_RATES)
4140 b43_update_basic_rates(dev, conf->basic_rates);
4141
4142 if (changed & BSS_CHANGED_ERP_SLOT) {
4143 if (conf->use_short_slot)
4144 b43_short_slot_timing_enable(dev);
4145 else
4146 b43_short_slot_timing_disable(dev);
4147 }
4148
4149 b43_mac_enable(dev);
4150out_unlock_mutex:
4151 mutex_unlock(&wl->mutex);
4152}
4153
4154static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4155 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4156 struct ieee80211_key_conf *key)
4157{
4158 struct b43_wl *wl = hw_to_b43_wl(hw);
4159 struct b43_wldev *dev;
4160 u8 algorithm;
4161 u8 index;
4162 int err;
4163 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4164
4165 if (modparam_nohwcrypt)
4166 return -ENOSPC; /* User disabled HW-crypto */
4167
4168 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4169 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4170 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4171 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4172 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4173 /*
4174 * For now, disable hw crypto for the RSN IBSS group keys. This
4175 * could be optimized in the future, but until that gets
4176 * implemented, use of software crypto for group addressed
4177 * frames is a acceptable to allow RSN IBSS to be used.
4178 */
4179 return -EOPNOTSUPP;
4180 }
4181
4182 mutex_lock(&wl->mutex);
4183
4184 dev = wl->current_dev;
4185 err = -ENODEV;
4186 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4187 goto out_unlock;
4188
4189 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4190 /* We don't have firmware for the crypto engine.
4191 * Must use software-crypto. */
4192 err = -EOPNOTSUPP;
4193 goto out_unlock;
4194 }
4195
4196 err = -EINVAL;
4197 switch (key->cipher) {
4198 case WLAN_CIPHER_SUITE_WEP40:
4199 algorithm = B43_SEC_ALGO_WEP40;
4200 break;
4201 case WLAN_CIPHER_SUITE_WEP104:
4202 algorithm = B43_SEC_ALGO_WEP104;
4203 break;
4204 case WLAN_CIPHER_SUITE_TKIP:
4205 algorithm = B43_SEC_ALGO_TKIP;
4206 break;
4207 case WLAN_CIPHER_SUITE_CCMP:
4208 algorithm = B43_SEC_ALGO_AES;
4209 break;
4210 default:
4211 B43_WARN_ON(1);
4212 goto out_unlock;
4213 }
4214 index = (u8) (key->keyidx);
4215 if (index > 3)
4216 goto out_unlock;
4217
4218 switch (cmd) {
4219 case SET_KEY:
4220 if (algorithm == B43_SEC_ALGO_TKIP &&
4221 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4222 !modparam_hwtkip)) {
4223 /* We support only pairwise key */
4224 err = -EOPNOTSUPP;
4225 goto out_unlock;
4226 }
4227
4228 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4229 if (WARN_ON(!sta)) {
4230 err = -EOPNOTSUPP;
4231 goto out_unlock;
4232 }
4233 /* Pairwise key with an assigned MAC address. */
4234 err = b43_key_write(dev, -1, algorithm,
4235 key->key, key->keylen,
4236 sta->addr, key);
4237 } else {
4238 /* Group key */
4239 err = b43_key_write(dev, index, algorithm,
4240 key->key, key->keylen, NULL, key);
4241 }
4242 if (err)
4243 goto out_unlock;
4244
4245 if (algorithm == B43_SEC_ALGO_WEP40 ||
4246 algorithm == B43_SEC_ALGO_WEP104) {
4247 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4248 } else {
4249 b43_hf_write(dev,
4250 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4251 }
4252 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4253 if (algorithm == B43_SEC_ALGO_TKIP)
4254 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4255 break;
4256 case DISABLE_KEY: {
4257 err = b43_key_clear(dev, key->hw_key_idx);
4258 if (err)
4259 goto out_unlock;
4260 break;
4261 }
4262 default:
4263 B43_WARN_ON(1);
4264 }
4265
4266out_unlock:
4267 if (!err) {
4268 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4269 "mac: %pM\n",
4270 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4271 sta ? sta->addr : bcast_addr);
4272 b43_dump_keymemory(dev);
4273 }
4274 mutex_unlock(&wl->mutex);
4275
4276 return err;
4277}
4278
4279static void b43_op_configure_filter(struct ieee80211_hw *hw,
4280 unsigned int changed, unsigned int *fflags,
4281 u64 multicast)
4282{
4283 struct b43_wl *wl = hw_to_b43_wl(hw);
4284 struct b43_wldev *dev;
4285
4286 mutex_lock(&wl->mutex);
4287 dev = wl->current_dev;
4288 if (!dev) {
4289 *fflags = 0;
4290 goto out_unlock;
4291 }
4292
4293 *fflags &= FIF_ALLMULTI |
4294 FIF_FCSFAIL |
4295 FIF_PLCPFAIL |
4296 FIF_CONTROL |
4297 FIF_OTHER_BSS |
4298 FIF_BCN_PRBRESP_PROMISC;
4299
4300 changed &= FIF_ALLMULTI |
4301 FIF_FCSFAIL |
4302 FIF_PLCPFAIL |
4303 FIF_CONTROL |
4304 FIF_OTHER_BSS |
4305 FIF_BCN_PRBRESP_PROMISC;
4306
4307 wl->filter_flags = *fflags;
4308
4309 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4310 b43_adjust_opmode(dev);
4311
4312out_unlock:
4313 mutex_unlock(&wl->mutex);
4314}
4315
4316/* Locking: wl->mutex
4317 * Returns the current dev. This might be different from the passed in dev,
4318 * because the core might be gone away while we unlocked the mutex. */
4319static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4320{
4321 struct b43_wl *wl;
4322 struct b43_wldev *orig_dev;
4323 u32 mask;
4324 int queue_num;
4325
4326 if (!dev)
4327 return NULL;
4328 wl = dev->wl;
4329redo:
4330 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4331 return dev;
4332
4333 /* Cancel work. Unlock to avoid deadlocks. */
4334 mutex_unlock(&wl->mutex);
4335 cancel_delayed_work_sync(&dev->periodic_work);
4336 cancel_work_sync(&wl->tx_work);
4337 b43_leds_stop(dev);
4338 mutex_lock(&wl->mutex);
4339 dev = wl->current_dev;
4340 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4341 /* Whoops, aliens ate up the device while we were unlocked. */
4342 return dev;
4343 }
4344
4345 /* Disable interrupts on the device. */
4346 b43_set_status(dev, B43_STAT_INITIALIZED);
4347 if (b43_bus_host_is_sdio(dev->dev)) {
4348 /* wl->mutex is locked. That is enough. */
4349 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4350 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4351 } else {
4352 spin_lock_irq(&wl->hardirq_lock);
4353 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4354 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4355 spin_unlock_irq(&wl->hardirq_lock);
4356 }
4357 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4358 orig_dev = dev;
4359 mutex_unlock(&wl->mutex);
4360 if (b43_bus_host_is_sdio(dev->dev))
4361 b43_sdio_free_irq(dev);
4362 else
4363 free_irq(dev->dev->irq, dev);
4364 mutex_lock(&wl->mutex);
4365 dev = wl->current_dev;
4366 if (!dev)
4367 return dev;
4368 if (dev != orig_dev) {
4369 if (b43_status(dev) >= B43_STAT_STARTED)
4370 goto redo;
4371 return dev;
4372 }
4373 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4374 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4375
4376 /* Drain all TX queues. */
4377 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4378 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4379 struct sk_buff *skb;
4380
4381 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4382 ieee80211_free_txskb(wl->hw, skb);
4383 }
4384 }
4385
4386 b43_mac_suspend(dev);
4387 b43_leds_exit(dev);
4388 b43dbg(wl, "Wireless interface stopped\n");
4389
4390 return dev;
4391}
4392
4393/* Locking: wl->mutex */
4394static int b43_wireless_core_start(struct b43_wldev *dev)
4395{
4396 int err;
4397
4398 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4399
4400 drain_txstatus_queue(dev);
4401 if (b43_bus_host_is_sdio(dev->dev)) {
4402 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4403 if (err) {
4404 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4405 goto out;
4406 }
4407 } else {
4408 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4409 b43_interrupt_thread_handler,
4410 IRQF_SHARED, KBUILD_MODNAME, dev);
4411 if (err) {
4412 b43err(dev->wl, "Cannot request IRQ-%d\n",
4413 dev->dev->irq);
4414 goto out;
4415 }
4416 }
4417
4418 /* We are ready to run. */
4419 ieee80211_wake_queues(dev->wl->hw);
4420 b43_set_status(dev, B43_STAT_STARTED);
4421
4422 /* Start data flow (TX/RX). */
4423 b43_mac_enable(dev);
4424 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4425
4426 /* Start maintenance work */
4427 b43_periodic_tasks_setup(dev);
4428
4429 b43_leds_init(dev);
4430
4431 b43dbg(dev->wl, "Wireless interface started\n");
4432out:
4433 return err;
4434}
4435
4436static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4437{
4438 switch (phy_type) {
4439 case B43_PHYTYPE_A:
4440 return "A";
4441 case B43_PHYTYPE_B:
4442 return "B";
4443 case B43_PHYTYPE_G:
4444 return "G";
4445 case B43_PHYTYPE_N:
4446 return "N";
4447 case B43_PHYTYPE_LP:
4448 return "LP";
4449 case B43_PHYTYPE_SSLPN:
4450 return "SSLPN";
4451 case B43_PHYTYPE_HT:
4452 return "HT";
4453 case B43_PHYTYPE_LCN:
4454 return "LCN";
4455 case B43_PHYTYPE_LCNXN:
4456 return "LCNXN";
4457 case B43_PHYTYPE_LCN40:
4458 return "LCN40";
4459 case B43_PHYTYPE_AC:
4460 return "AC";
4461 }
4462 return "UNKNOWN";
4463}
4464
4465/* Get PHY and RADIO versioning numbers */
4466static int b43_phy_versioning(struct b43_wldev *dev)
4467{
4468 struct b43_phy *phy = &dev->phy;
4469 const u8 core_rev = dev->dev->core_rev;
4470 u32 tmp;
4471 u8 analog_type;
4472 u8 phy_type;
4473 u8 phy_rev;
4474 u16 radio_manuf;
4475 u16 radio_id;
4476 u16 radio_rev;
4477 u8 radio_ver;
4478 int unsupported = 0;
4479
4480 /* Get PHY versioning */
4481 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4482 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4483 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4484 phy_rev = (tmp & B43_PHYVER_VERSION);
4485
4486 /* LCNXN is continuation of N which run out of revisions */
4487 if (phy_type == B43_PHYTYPE_LCNXN) {
4488 phy_type = B43_PHYTYPE_N;
4489 phy_rev += 16;
4490 }
4491
4492 switch (phy_type) {
4493#ifdef CONFIG_B43_PHY_G
4494 case B43_PHYTYPE_G:
4495 if (phy_rev > 9)
4496 unsupported = 1;
4497 break;
4498#endif
4499#ifdef CONFIG_B43_PHY_N
4500 case B43_PHYTYPE_N:
4501 if (phy_rev >= 19)
4502 unsupported = 1;
4503 break;
4504#endif
4505#ifdef CONFIG_B43_PHY_LP
4506 case B43_PHYTYPE_LP:
4507 if (phy_rev > 2)
4508 unsupported = 1;
4509 break;
4510#endif
4511#ifdef CONFIG_B43_PHY_HT
4512 case B43_PHYTYPE_HT:
4513 if (phy_rev > 1)
4514 unsupported = 1;
4515 break;
4516#endif
4517#ifdef CONFIG_B43_PHY_LCN
4518 case B43_PHYTYPE_LCN:
4519 if (phy_rev > 1)
4520 unsupported = 1;
4521 break;
4522#endif
4523#ifdef CONFIG_B43_PHY_AC
4524 case B43_PHYTYPE_AC:
4525 if (phy_rev > 1)
4526 unsupported = 1;
4527 break;
4528#endif
4529 default:
4530 unsupported = 1;
4531 }
4532 if (unsupported) {
4533 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4534 analog_type, phy_type, b43_phy_name(dev, phy_type),
4535 phy_rev);
4536 return -EOPNOTSUPP;
4537 }
4538 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4539 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4540
4541 /* Get RADIO versioning */
4542 if (core_rev == 40 || core_rev == 42) {
4543 radio_manuf = 0x17F;
4544
4545 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4546 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4547
4548 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4549 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4550
4551 radio_ver = 0; /* Is there version somewhere? */
4552 } else if (core_rev >= 24) {
4553 u16 radio24[3];
4554
4555 for (tmp = 0; tmp < 3; tmp++) {
4556 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4557 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4558 }
4559
4560 radio_manuf = 0x17F;
4561 radio_id = (radio24[2] << 8) | radio24[1];
4562 radio_rev = (radio24[0] & 0xF);
4563 radio_ver = (radio24[0] & 0xF0) >> 4;
4564 } else {
4565 if (dev->dev->chip_id == 0x4317) {
4566 if (dev->dev->chip_rev == 0)
4567 tmp = 0x3205017F;
4568 else if (dev->dev->chip_rev == 1)
4569 tmp = 0x4205017F;
4570 else
4571 tmp = 0x5205017F;
4572 } else {
4573 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4574 B43_RADIOCTL_ID);
4575 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4576 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4577 B43_RADIOCTL_ID);
4578 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4579 }
4580 radio_manuf = (tmp & 0x00000FFF);
4581 radio_id = (tmp & 0x0FFFF000) >> 12;
4582 radio_rev = (tmp & 0xF0000000) >> 28;
4583 radio_ver = 0; /* Probably not available on old hw */
4584 }
4585
4586 if (radio_manuf != 0x17F /* Broadcom */)
4587 unsupported = 1;
4588 switch (phy_type) {
4589 case B43_PHYTYPE_B:
4590 if ((radio_id & 0xFFF0) != 0x2050)
4591 unsupported = 1;
4592 break;
4593 case B43_PHYTYPE_G:
4594 if (radio_id != 0x2050)
4595 unsupported = 1;
4596 break;
4597 case B43_PHYTYPE_N:
4598 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4599 radio_id != 0x2057)
4600 unsupported = 1;
4601 if (radio_id == 0x2057 &&
4602 !(radio_rev == 9 || radio_rev == 14))
4603 unsupported = 1;
4604 break;
4605 case B43_PHYTYPE_LP:
4606 if (radio_id != 0x2062 && radio_id != 0x2063)
4607 unsupported = 1;
4608 break;
4609 case B43_PHYTYPE_HT:
4610 if (radio_id != 0x2059)
4611 unsupported = 1;
4612 break;
4613 case B43_PHYTYPE_LCN:
4614 if (radio_id != 0x2064)
4615 unsupported = 1;
4616 break;
4617 case B43_PHYTYPE_AC:
4618 if (radio_id != 0x2069)
4619 unsupported = 1;
4620 break;
4621 default:
4622 B43_WARN_ON(1);
4623 }
4624 if (unsupported) {
4625 b43err(dev->wl,
4626 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4627 radio_manuf, radio_id, radio_rev, radio_ver);
4628 return -EOPNOTSUPP;
4629 }
4630 b43info(dev->wl,
4631 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4632 radio_manuf, radio_id, radio_rev, radio_ver);
4633
4634 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4635 phy->radio_manuf = radio_manuf;
4636 phy->radio_ver = radio_id;
4637 phy->radio_rev = radio_rev;
4638
4639 phy->analog = analog_type;
4640 phy->type = phy_type;
4641 phy->rev = phy_rev;
4642
4643 return 0;
4644}
4645
4646static void setup_struct_phy_for_init(struct b43_wldev *dev,
4647 struct b43_phy *phy)
4648{
4649 phy->hardware_power_control = !!modparam_hwpctl;
4650 phy->next_txpwr_check_time = jiffies;
4651 /* PHY TX errors counter. */
4652 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4653
4654#if B43_DEBUG
4655 phy->phy_locked = false;
4656 phy->radio_locked = false;
4657#endif
4658}
4659
4660static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4661{
4662 dev->dfq_valid = false;
4663
4664 /* Assume the radio is enabled. If it's not enabled, the state will
4665 * immediately get fixed on the first periodic work run. */
4666 dev->radio_hw_enable = true;
4667
4668 /* Stats */
4669 memset(&dev->stats, 0, sizeof(dev->stats));
4670
4671 setup_struct_phy_for_init(dev, &dev->phy);
4672
4673 /* IRQ related flags */
4674 dev->irq_reason = 0;
4675 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4676 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4677 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4678 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4679
4680 dev->mac_suspended = 1;
4681
4682 /* Noise calculation context */
4683 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4684}
4685
4686static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4687{
4688 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4689 u64 hf;
4690
4691 if (!modparam_btcoex)
4692 return;
4693 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4694 return;
4695 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4696 return;
4697
4698 hf = b43_hf_read(dev);
4699 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4700 hf |= B43_HF_BTCOEXALT;
4701 else
4702 hf |= B43_HF_BTCOEX;
4703 b43_hf_write(dev, hf);
4704}
4705
4706static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4707{
4708 if (!modparam_btcoex)
4709 return;
4710 //TODO
4711}
4712
4713static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4714{
4715 struct ssb_bus *bus;
4716 u32 tmp;
4717
4718#ifdef CONFIG_B43_SSB
4719 if (dev->dev->bus_type != B43_BUS_SSB)
4720 return;
4721#else
4722 return;
4723#endif
4724
4725 bus = dev->dev->sdev->bus;
4726
4727 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4728 (bus->chip_id == 0x4312)) {
4729 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4730 tmp &= ~SSB_IMCFGLO_REQTO;
4731 tmp &= ~SSB_IMCFGLO_SERTO;
4732 tmp |= 0x3;
4733 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4734 ssb_commit_settings(bus);
4735 }
4736}
4737
4738static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4739{
4740 u16 pu_delay;
4741
4742 /* The time value is in microseconds. */
4743 pu_delay = 1050;
4744 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4745 pu_delay = 500;
4746 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4747 pu_delay = max(pu_delay, (u16)2400);
4748
4749 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4750}
4751
4752/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4753static void b43_set_pretbtt(struct b43_wldev *dev)
4754{
4755 u16 pretbtt;
4756
4757 /* The time value is in microseconds. */
4758 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4759 pretbtt = 2;
4760 else
4761 pretbtt = 250;
4762 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4763 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4764}
4765
4766/* Shutdown a wireless core */
4767/* Locking: wl->mutex */
4768static void b43_wireless_core_exit(struct b43_wldev *dev)
4769{
4770 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4771 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4772 return;
4773
4774 b43_set_status(dev, B43_STAT_UNINIT);
4775
4776 /* Stop the microcode PSM. */
4777 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4778 B43_MACCTL_PSM_JMP0);
4779
4780 switch (dev->dev->bus_type) {
4781#ifdef CONFIG_B43_BCMA
4782 case B43_BUS_BCMA:
4783 bcma_host_pci_down(dev->dev->bdev->bus);
4784 break;
4785#endif
4786#ifdef CONFIG_B43_SSB
4787 case B43_BUS_SSB:
4788 /* TODO */
4789 break;
4790#endif
4791 }
4792
4793 b43_dma_free(dev);
4794 b43_pio_free(dev);
4795 b43_chip_exit(dev);
4796 dev->phy.ops->switch_analog(dev, 0);
4797 if (dev->wl->current_beacon) {
4798 dev_kfree_skb_any(dev->wl->current_beacon);
4799 dev->wl->current_beacon = NULL;
4800 }
4801
4802 b43_device_disable(dev, 0);
4803 b43_bus_may_powerdown(dev);
4804}
4805
4806/* Initialize a wireless core */
4807static int b43_wireless_core_init(struct b43_wldev *dev)
4808{
4809 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4810 struct b43_phy *phy = &dev->phy;
4811 int err;
4812 u64 hf;
4813
4814 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4815
4816 err = b43_bus_powerup(dev, 0);
4817 if (err)
4818 goto out;
4819 if (!b43_device_is_enabled(dev))
4820 b43_wireless_core_reset(dev, phy->gmode);
4821
4822 /* Reset all data structures. */
4823 setup_struct_wldev_for_init(dev);
4824 phy->ops->prepare_structs(dev);
4825
4826 /* Enable IRQ routing to this device. */
4827 switch (dev->dev->bus_type) {
4828#ifdef CONFIG_B43_BCMA
4829 case B43_BUS_BCMA:
4830 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4831 dev->dev->bdev, true);
4832 bcma_host_pci_up(dev->dev->bdev->bus);
4833 break;
4834#endif
4835#ifdef CONFIG_B43_SSB
4836 case B43_BUS_SSB:
4837 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4838 dev->dev->sdev);
4839 break;
4840#endif
4841 }
4842
4843 b43_imcfglo_timeouts_workaround(dev);
4844 b43_bluetooth_coext_disable(dev);
4845 if (phy->ops->prepare_hardware) {
4846 err = phy->ops->prepare_hardware(dev);
4847 if (err)
4848 goto err_busdown;
4849 }
4850 err = b43_chip_init(dev);
4851 if (err)
4852 goto err_busdown;
4853 b43_shm_write16(dev, B43_SHM_SHARED,
4854 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4855 hf = b43_hf_read(dev);
4856 if (phy->type == B43_PHYTYPE_G) {
4857 hf |= B43_HF_SYMW;
4858 if (phy->rev == 1)
4859 hf |= B43_HF_GDCW;
4860 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4861 hf |= B43_HF_OFDMPABOOST;
4862 }
4863 if (phy->radio_ver == 0x2050) {
4864 if (phy->radio_rev == 6)
4865 hf |= B43_HF_4318TSSI;
4866 if (phy->radio_rev < 6)
4867 hf |= B43_HF_VCORECALC;
4868 }
4869 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4870 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4871#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4872 if (dev->dev->bus_type == B43_BUS_SSB &&
4873 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4874 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4875 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4876#endif
4877 hf &= ~B43_HF_SKCFPUP;
4878 b43_hf_write(dev, hf);
4879
4880 /* tell the ucode MAC capabilities */
4881 if (dev->dev->core_rev >= 13) {
4882 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4883
4884 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4885 mac_hw_cap & 0xffff);
4886 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4887 (mac_hw_cap >> 16) & 0xffff);
4888 }
4889
4890 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4891 B43_DEFAULT_LONG_RETRY_LIMIT);
4892 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4893 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4894
4895 /* Disable sending probe responses from firmware.
4896 * Setting the MaxTime to one usec will always trigger
4897 * a timeout, so we never send any probe resp.
4898 * A timeout of zero is infinite. */
4899 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4900
4901 b43_rate_memory_init(dev);
4902 b43_set_phytxctl_defaults(dev);
4903
4904 /* Minimum Contention Window */
4905 if (phy->type == B43_PHYTYPE_B)
4906 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4907 else
4908 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4909 /* Maximum Contention Window */
4910 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4911
4912 /* write phytype and phyvers */
4913 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4914 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4915
4916 if (b43_bus_host_is_pcmcia(dev->dev) ||
4917 b43_bus_host_is_sdio(dev->dev)) {
4918 dev->__using_pio_transfers = true;
4919 err = b43_pio_init(dev);
4920 } else if (dev->use_pio) {
4921 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4922 "This should not be needed and will result in lower "
4923 "performance.\n");
4924 dev->__using_pio_transfers = true;
4925 err = b43_pio_init(dev);
4926 } else {
4927 dev->__using_pio_transfers = false;
4928 err = b43_dma_init(dev);
4929 }
4930 if (err)
4931 goto err_chip_exit;
4932 b43_qos_init(dev);
4933 b43_set_synth_pu_delay(dev, 1);
4934 b43_bluetooth_coext_enable(dev);
4935
4936 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4937 b43_upload_card_macaddress(dev);
4938 b43_security_init(dev);
4939
4940 ieee80211_wake_queues(dev->wl->hw);
4941
4942 b43_set_status(dev, B43_STAT_INITIALIZED);
4943
4944out:
4945 return err;
4946
4947err_chip_exit:
4948 b43_chip_exit(dev);
4949err_busdown:
4950 b43_bus_may_powerdown(dev);
4951 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4952 return err;
4953}
4954
4955static int b43_op_add_interface(struct ieee80211_hw *hw,
4956 struct ieee80211_vif *vif)
4957{
4958 struct b43_wl *wl = hw_to_b43_wl(hw);
4959 struct b43_wldev *dev;
4960 int err = -EOPNOTSUPP;
4961
4962 /* TODO: allow WDS/AP devices to coexist */
4963
4964 if (vif->type != NL80211_IFTYPE_AP &&
4965 vif->type != NL80211_IFTYPE_MESH_POINT &&
4966 vif->type != NL80211_IFTYPE_STATION &&
4967 vif->type != NL80211_IFTYPE_WDS &&
4968 vif->type != NL80211_IFTYPE_ADHOC)
4969 return -EOPNOTSUPP;
4970
4971 mutex_lock(&wl->mutex);
4972 if (wl->operating)
4973 goto out_mutex_unlock;
4974
4975 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4976
4977 dev = wl->current_dev;
4978 wl->operating = true;
4979 wl->vif = vif;
4980 wl->if_type = vif->type;
4981 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4982
4983 b43_adjust_opmode(dev);
4984 b43_set_pretbtt(dev);
4985 b43_set_synth_pu_delay(dev, 0);
4986 b43_upload_card_macaddress(dev);
4987
4988 err = 0;
4989 out_mutex_unlock:
4990 mutex_unlock(&wl->mutex);
4991
4992 if (err == 0)
4993 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4994
4995 return err;
4996}
4997
4998static void b43_op_remove_interface(struct ieee80211_hw *hw,
4999 struct ieee80211_vif *vif)
5000{
5001 struct b43_wl *wl = hw_to_b43_wl(hw);
5002 struct b43_wldev *dev = wl->current_dev;
5003
5004 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5005
5006 mutex_lock(&wl->mutex);
5007
5008 B43_WARN_ON(!wl->operating);
5009 B43_WARN_ON(wl->vif != vif);
5010 wl->vif = NULL;
5011
5012 wl->operating = false;
5013
5014 b43_adjust_opmode(dev);
5015 eth_zero_addr(wl->mac_addr);
5016 b43_upload_card_macaddress(dev);
5017
5018 mutex_unlock(&wl->mutex);
5019}
5020
5021static int b43_op_start(struct ieee80211_hw *hw)
5022{
5023 struct b43_wl *wl = hw_to_b43_wl(hw);
5024 struct b43_wldev *dev = wl->current_dev;
5025 int did_init = 0;
5026 int err = 0;
5027
5028 /* Kill all old instance specific information to make sure
5029 * the card won't use it in the short timeframe between start
5030 * and mac80211 reconfiguring it. */
5031 eth_zero_addr(wl->bssid);
5032 eth_zero_addr(wl->mac_addr);
5033 wl->filter_flags = 0;
5034 wl->radiotap_enabled = false;
5035 b43_qos_clear(wl);
5036 wl->beacon0_uploaded = false;
5037 wl->beacon1_uploaded = false;
5038 wl->beacon_templates_virgin = true;
5039 wl->radio_enabled = true;
5040
5041 mutex_lock(&wl->mutex);
5042
5043 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5044 err = b43_wireless_core_init(dev);
5045 if (err)
5046 goto out_mutex_unlock;
5047 did_init = 1;
5048 }
5049
5050 if (b43_status(dev) < B43_STAT_STARTED) {
5051 err = b43_wireless_core_start(dev);
5052 if (err) {
5053 if (did_init)
5054 b43_wireless_core_exit(dev);
5055 goto out_mutex_unlock;
5056 }
5057 }
5058
5059 /* XXX: only do if device doesn't support rfkill irq */
5060 wiphy_rfkill_start_polling(hw->wiphy);
5061
5062 out_mutex_unlock:
5063 mutex_unlock(&wl->mutex);
5064
5065 /*
5066 * Configuration may have been overwritten during initialization.
5067 * Reload the configuration, but only if initialization was
5068 * successful. Reloading the configuration after a failed init
5069 * may hang the system.
5070 */
5071 if (!err)
5072 b43_op_config(hw, ~0);
5073
5074 return err;
5075}
5076
5077static void b43_op_stop(struct ieee80211_hw *hw)
5078{
5079 struct b43_wl *wl = hw_to_b43_wl(hw);
5080 struct b43_wldev *dev = wl->current_dev;
5081
5082 cancel_work_sync(&(wl->beacon_update_trigger));
5083
5084 if (!dev)
5085 goto out;
5086
5087 mutex_lock(&wl->mutex);
5088 if (b43_status(dev) >= B43_STAT_STARTED) {
5089 dev = b43_wireless_core_stop(dev);
5090 if (!dev)
5091 goto out_unlock;
5092 }
5093 b43_wireless_core_exit(dev);
5094 wl->radio_enabled = false;
5095
5096out_unlock:
5097 mutex_unlock(&wl->mutex);
5098out:
5099 cancel_work_sync(&(wl->txpower_adjust_work));
5100}
5101
5102static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5103 struct ieee80211_sta *sta, bool set)
5104{
5105 struct b43_wl *wl = hw_to_b43_wl(hw);
5106
5107 b43_update_templates(wl);
5108
5109 return 0;
5110}
5111
5112static void b43_op_sta_notify(struct ieee80211_hw *hw,
5113 struct ieee80211_vif *vif,
5114 enum sta_notify_cmd notify_cmd,
5115 struct ieee80211_sta *sta)
5116{
5117 struct b43_wl *wl = hw_to_b43_wl(hw);
5118
5119 B43_WARN_ON(!vif || wl->vif != vif);
5120}
5121
5122static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5123 struct ieee80211_vif *vif,
5124 const u8 *mac_addr)
5125{
5126 struct b43_wl *wl = hw_to_b43_wl(hw);
5127 struct b43_wldev *dev;
5128
5129 mutex_lock(&wl->mutex);
5130 dev = wl->current_dev;
5131 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5132 /* Disable CFP update during scan on other channels. */
5133 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5134 }
5135 mutex_unlock(&wl->mutex);
5136}
5137
5138static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5139 struct ieee80211_vif *vif)
5140{
5141 struct b43_wl *wl = hw_to_b43_wl(hw);
5142 struct b43_wldev *dev;
5143
5144 mutex_lock(&wl->mutex);
5145 dev = wl->current_dev;
5146 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5147 /* Re-enable CFP update. */
5148 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5149 }
5150 mutex_unlock(&wl->mutex);
5151}
5152
5153static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5154 struct survey_info *survey)
5155{
5156 struct b43_wl *wl = hw_to_b43_wl(hw);
5157 struct b43_wldev *dev = wl->current_dev;
5158 struct ieee80211_conf *conf = &hw->conf;
5159
5160 if (idx != 0)
5161 return -ENOENT;
5162
5163 survey->channel = conf->chandef.chan;
5164 survey->filled = SURVEY_INFO_NOISE_DBM;
5165 survey->noise = dev->stats.link_noise;
5166
5167 return 0;
5168}
5169
5170static const struct ieee80211_ops b43_hw_ops = {
5171 .tx = b43_op_tx,
5172 .conf_tx = b43_op_conf_tx,
5173 .add_interface = b43_op_add_interface,
5174 .remove_interface = b43_op_remove_interface,
5175 .config = b43_op_config,
5176 .bss_info_changed = b43_op_bss_info_changed,
5177 .configure_filter = b43_op_configure_filter,
5178 .set_key = b43_op_set_key,
5179 .update_tkip_key = b43_op_update_tkip_key,
5180 .get_stats = b43_op_get_stats,
5181 .get_tsf = b43_op_get_tsf,
5182 .set_tsf = b43_op_set_tsf,
5183 .start = b43_op_start,
5184 .stop = b43_op_stop,
5185 .set_tim = b43_op_beacon_set_tim,
5186 .sta_notify = b43_op_sta_notify,
5187 .sw_scan_start = b43_op_sw_scan_start_notifier,
5188 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5189 .get_survey = b43_op_get_survey,
5190 .rfkill_poll = b43_rfkill_poll,
5191};
5192
5193/* Hard-reset the chip. Do not call this directly.
5194 * Use b43_controller_restart()
5195 */
5196static void b43_chip_reset(struct work_struct *work)
5197{
5198 struct b43_wldev *dev =
5199 container_of(work, struct b43_wldev, restart_work);
5200 struct b43_wl *wl = dev->wl;
5201 int err = 0;
5202 int prev_status;
5203
5204 mutex_lock(&wl->mutex);
5205
5206 prev_status = b43_status(dev);
5207 /* Bring the device down... */
5208 if (prev_status >= B43_STAT_STARTED) {
5209 dev = b43_wireless_core_stop(dev);
5210 if (!dev) {
5211 err = -ENODEV;
5212 goto out;
5213 }
5214 }
5215 if (prev_status >= B43_STAT_INITIALIZED)
5216 b43_wireless_core_exit(dev);
5217
5218 /* ...and up again. */
5219 if (prev_status >= B43_STAT_INITIALIZED) {
5220 err = b43_wireless_core_init(dev);
5221 if (err)
5222 goto out;
5223 }
5224 if (prev_status >= B43_STAT_STARTED) {
5225 err = b43_wireless_core_start(dev);
5226 if (err) {
5227 b43_wireless_core_exit(dev);
5228 goto out;
5229 }
5230 }
5231out:
5232 if (err)
5233 wl->current_dev = NULL; /* Failed to init the dev. */
5234 mutex_unlock(&wl->mutex);
5235
5236 if (err) {
5237 b43err(wl, "Controller restart FAILED\n");
5238 return;
5239 }
5240
5241 /* reload configuration */
5242 b43_op_config(wl->hw, ~0);
5243 if (wl->vif)
5244 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5245
5246 b43info(wl, "Controller restarted\n");
5247}
5248
5249static int b43_setup_bands(struct b43_wldev *dev,
5250 bool have_2ghz_phy, bool have_5ghz_phy)
5251{
5252 struct ieee80211_hw *hw = dev->wl->hw;
5253 struct b43_phy *phy = &dev->phy;
5254 bool limited_2g;
5255 bool limited_5g;
5256
5257 /* We don't support all 2 GHz channels on some devices */
5258 limited_2g = phy->radio_ver == 0x2057 &&
5259 (phy->radio_rev == 9 || phy->radio_rev == 14);
5260 limited_5g = phy->radio_ver == 0x2057 &&
5261 phy->radio_rev == 9;
5262
5263 if (have_2ghz_phy)
5264 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5265 &b43_band_2ghz_limited : &b43_band_2GHz;
5266 if (dev->phy.type == B43_PHYTYPE_N) {
5267 if (have_5ghz_phy)
5268 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5269 &b43_band_5GHz_nphy_limited :
5270 &b43_band_5GHz_nphy;
5271 } else {
5272 if (have_5ghz_phy)
5273 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5274 }
5275
5276 dev->phy.supports_2ghz = have_2ghz_phy;
5277 dev->phy.supports_5ghz = have_5ghz_phy;
5278
5279 return 0;
5280}
5281
5282static void b43_wireless_core_detach(struct b43_wldev *dev)
5283{
5284 /* We release firmware that late to not be required to re-request
5285 * is all the time when we reinit the core. */
5286 b43_release_firmware(dev);
5287 b43_phy_free(dev);
5288}
5289
5290static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5291 bool *have_5ghz_phy)
5292{
5293 u16 dev_id = 0;
5294
5295#ifdef CONFIG_B43_BCMA
5296 if (dev->dev->bus_type == B43_BUS_BCMA &&
5297 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5298 dev_id = dev->dev->bdev->bus->host_pci->device;
5299#endif
5300#ifdef CONFIG_B43_SSB
5301 if (dev->dev->bus_type == B43_BUS_SSB &&
5302 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5303 dev_id = dev->dev->sdev->bus->host_pci->device;
5304#endif
5305 /* Override with SPROM value if available */
5306 if (dev->dev->bus_sprom->dev_id)
5307 dev_id = dev->dev->bus_sprom->dev_id;
5308
5309 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5310 switch (dev_id) {
5311 case 0x4324: /* BCM4306 */
5312 case 0x4312: /* BCM4311 */
5313 case 0x4319: /* BCM4318 */
5314 case 0x4328: /* BCM4321 */
5315 case 0x432b: /* BCM4322 */
5316 case 0x4350: /* BCM43222 */
5317 case 0x4353: /* BCM43224 */
5318 case 0x0576: /* BCM43224 */
5319 case 0x435f: /* BCM6362 */
5320 case 0x4331: /* BCM4331 */
5321 case 0x4359: /* BCM43228 */
5322 case 0x43a0: /* BCM4360 */
5323 case 0x43b1: /* BCM4352 */
5324 /* Dual band devices */
5325 *have_2ghz_phy = true;
5326 *have_5ghz_phy = true;
5327 return;
5328 case 0x4321: /* BCM4306 */
5329 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5330 if (dev->phy.type != B43_PHYTYPE_G)
5331 break;
5332 /* fall through */
5333 case 0x4313: /* BCM4311 */
5334 case 0x431a: /* BCM4318 */
5335 case 0x432a: /* BCM4321 */
5336 case 0x432d: /* BCM4322 */
5337 case 0x4352: /* BCM43222 */
5338 case 0x435a: /* BCM43228 */
5339 case 0x4333: /* BCM4331 */
5340 case 0x43a2: /* BCM4360 */
5341 case 0x43b3: /* BCM4352 */
5342 /* 5 GHz only devices */
5343 *have_2ghz_phy = false;
5344 *have_5ghz_phy = true;
5345 return;
5346 }
5347
5348 /* As a fallback, try to guess using PHY type */
5349 switch (dev->phy.type) {
5350 case B43_PHYTYPE_G:
5351 case B43_PHYTYPE_N:
5352 case B43_PHYTYPE_LP:
5353 case B43_PHYTYPE_HT:
5354 case B43_PHYTYPE_LCN:
5355 *have_2ghz_phy = true;
5356 *have_5ghz_phy = false;
5357 return;
5358 }
5359
5360 B43_WARN_ON(1);
5361}
5362
5363static int b43_wireless_core_attach(struct b43_wldev *dev)
5364{
5365 struct b43_wl *wl = dev->wl;
5366 struct b43_phy *phy = &dev->phy;
5367 int err;
5368 u32 tmp;
5369 bool have_2ghz_phy = false, have_5ghz_phy = false;
5370
5371 /* Do NOT do any device initialization here.
5372 * Do it in wireless_core_init() instead.
5373 * This function is for gathering basic information about the HW, only.
5374 * Also some structs may be set up here. But most likely you want to have
5375 * that in core_init(), too.
5376 */
5377
5378 err = b43_bus_powerup(dev, 0);
5379 if (err) {
5380 b43err(wl, "Bus powerup failed\n");
5381 goto out;
5382 }
5383
5384 phy->do_full_init = true;
5385
5386 /* Try to guess supported bands for the first init needs */
5387 switch (dev->dev->bus_type) {
5388#ifdef CONFIG_B43_BCMA
5389 case B43_BUS_BCMA:
5390 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5391 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5392 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5393 break;
5394#endif
5395#ifdef CONFIG_B43_SSB
5396 case B43_BUS_SSB:
5397 if (dev->dev->core_rev >= 5) {
5398 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5399 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5400 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5401 } else
5402 B43_WARN_ON(1);
5403 break;
5404#endif
5405 }
5406
5407 dev->phy.gmode = have_2ghz_phy;
5408 b43_wireless_core_reset(dev, dev->phy.gmode);
5409
5410 /* Get the PHY type. */
5411 err = b43_phy_versioning(dev);
5412 if (err)
5413 goto err_powerdown;
5414
5415 /* Get real info about supported bands */
5416 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5417
5418 /* We don't support 5 GHz on some PHYs yet */
5419 if (have_5ghz_phy) {
5420 switch (dev->phy.type) {
5421 case B43_PHYTYPE_G:
5422 case B43_PHYTYPE_LP:
5423 case B43_PHYTYPE_HT:
5424 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5425 have_5ghz_phy = false;
5426 }
5427 }
5428
5429 if (!have_2ghz_phy && !have_5ghz_phy) {
5430 b43err(wl, "b43 can't support any band on this device\n");
5431 err = -EOPNOTSUPP;
5432 goto err_powerdown;
5433 }
5434
5435 err = b43_phy_allocate(dev);
5436 if (err)
5437 goto err_powerdown;
5438
5439 dev->phy.gmode = have_2ghz_phy;
5440 b43_wireless_core_reset(dev, dev->phy.gmode);
5441
5442 err = b43_validate_chipaccess(dev);
5443 if (err)
5444 goto err_phy_free;
5445 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5446 if (err)
5447 goto err_phy_free;
5448
5449 /* Now set some default "current_dev" */
5450 if (!wl->current_dev)
5451 wl->current_dev = dev;
5452 INIT_WORK(&dev->restart_work, b43_chip_reset);
5453
5454 dev->phy.ops->switch_analog(dev, 0);
5455 b43_device_disable(dev, 0);
5456 b43_bus_may_powerdown(dev);
5457
5458out:
5459 return err;
5460
5461err_phy_free:
5462 b43_phy_free(dev);
5463err_powerdown:
5464 b43_bus_may_powerdown(dev);
5465 return err;
5466}
5467
5468static void b43_one_core_detach(struct b43_bus_dev *dev)
5469{
5470 struct b43_wldev *wldev;
5471
5472 /* Do not cancel ieee80211-workqueue based work here.
5473 * See comment in b43_remove(). */
5474
5475 wldev = b43_bus_get_wldev(dev);
5476 b43_debugfs_remove_device(wldev);
5477 b43_wireless_core_detach(wldev);
5478 list_del(&wldev->list);
5479 b43_bus_set_wldev(dev, NULL);
5480 kfree(wldev);
5481}
5482
5483static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5484{
5485 struct b43_wldev *wldev;
5486 int err = -ENOMEM;
5487
5488 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5489 if (!wldev)
5490 goto out;
5491
5492 wldev->use_pio = b43_modparam_pio;
5493 wldev->dev = dev;
5494 wldev->wl = wl;
5495 b43_set_status(wldev, B43_STAT_UNINIT);
5496 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5497 INIT_LIST_HEAD(&wldev->list);
5498
5499 err = b43_wireless_core_attach(wldev);
5500 if (err)
5501 goto err_kfree_wldev;
5502
5503 b43_bus_set_wldev(dev, wldev);
5504 b43_debugfs_add_device(wldev);
5505
5506 out:
5507 return err;
5508
5509 err_kfree_wldev:
5510 kfree(wldev);
5511 return err;
5512}
5513
5514#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5515 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5516 (pdev->device == _device) && \
5517 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5518 (pdev->subsystem_device == _subdevice) )
5519
5520#ifdef CONFIG_B43_SSB
5521static void b43_sprom_fixup(struct ssb_bus *bus)
5522{
5523 struct pci_dev *pdev;
5524
5525 /* boardflags workarounds */
5526 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5527 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5528 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5529 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5530 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5531 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5532 if (bus->bustype == SSB_BUSTYPE_PCI) {
5533 pdev = bus->host_pci;
5534 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5535 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5536 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5537 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5538 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5539 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5540 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5541 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5542 }
5543}
5544
5545static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5546{
5547 struct ieee80211_hw *hw = wl->hw;
5548
5549 ssb_set_devtypedata(dev->sdev, NULL);
5550 ieee80211_free_hw(hw);
5551}
5552#endif
5553
5554static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5555{
5556 struct ssb_sprom *sprom = dev->bus_sprom;
5557 struct ieee80211_hw *hw;
5558 struct b43_wl *wl;
5559 char chip_name[6];
5560 int queue_num;
5561
5562 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5563 if (!hw) {
5564 b43err(NULL, "Could not allocate ieee80211 device\n");
5565 return ERR_PTR(-ENOMEM);
5566 }
5567 wl = hw_to_b43_wl(hw);
5568
5569 /* fill hw info */
5570 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5571 ieee80211_hw_set(hw, SIGNAL_DBM);
5572
5573 hw->wiphy->interface_modes =
5574 BIT(NL80211_IFTYPE_AP) |
5575 BIT(NL80211_IFTYPE_MESH_POINT) |
5576 BIT(NL80211_IFTYPE_STATION) |
5577#ifdef CONFIG_WIRELESS_WDS
5578 BIT(NL80211_IFTYPE_WDS) |
5579#endif
5580 BIT(NL80211_IFTYPE_ADHOC);
5581
5582 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5583
5584 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5585
5586 wl->hw_registered = false;
5587 hw->max_rates = 2;
5588 SET_IEEE80211_DEV(hw, dev->dev);
5589 if (is_valid_ether_addr(sprom->et1mac))
5590 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5591 else
5592 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5593
5594 /* Initialize struct b43_wl */
5595 wl->hw = hw;
5596 mutex_init(&wl->mutex);
5597 spin_lock_init(&wl->hardirq_lock);
5598 spin_lock_init(&wl->beacon_lock);
5599 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5600 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5601 INIT_WORK(&wl->tx_work, b43_tx_work);
5602
5603 /* Initialize queues and flags. */
5604 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5605 skb_queue_head_init(&wl->tx_queue[queue_num]);
5606 wl->tx_queue_stopped[queue_num] = 0;
5607 }
5608
5609 snprintf(chip_name, ARRAY_SIZE(chip_name),
5610 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5611 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5612 dev->core_rev);
5613 return wl;
5614}
5615
5616#ifdef CONFIG_B43_BCMA
5617static int b43_bcma_probe(struct bcma_device *core)
5618{
5619 struct b43_bus_dev *dev;
5620 struct b43_wl *wl;
5621 int err;
5622
5623 if (!modparam_allhwsupport &&
5624 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5625 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5626 return -ENOTSUPP;
5627 }
5628
5629 dev = b43_bus_dev_bcma_init(core);
5630 if (!dev)
5631 return -ENODEV;
5632
5633 wl = b43_wireless_init(dev);
5634 if (IS_ERR(wl)) {
5635 err = PTR_ERR(wl);
5636 goto bcma_out;
5637 }
5638
5639 err = b43_one_core_attach(dev, wl);
5640 if (err)
5641 goto bcma_err_wireless_exit;
5642
5643 /* setup and start work to load firmware */
5644 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5645 schedule_work(&wl->firmware_load);
5646
5647 return err;
5648
5649bcma_err_wireless_exit:
5650 ieee80211_free_hw(wl->hw);
5651bcma_out:
5652 kfree(dev);
5653 return err;
5654}
5655
5656static void b43_bcma_remove(struct bcma_device *core)
5657{
5658 struct b43_wldev *wldev = bcma_get_drvdata(core);
5659 struct b43_wl *wl = wldev->wl;
5660
5661 /* We must cancel any work here before unregistering from ieee80211,
5662 * as the ieee80211 unreg will destroy the workqueue. */
5663 cancel_work_sync(&wldev->restart_work);
5664 cancel_work_sync(&wl->firmware_load);
5665
5666 B43_WARN_ON(!wl);
5667 if (!wldev->fw.ucode.data)
5668 return; /* NULL if firmware never loaded */
5669 if (wl->current_dev == wldev && wl->hw_registered) {
5670 b43_leds_stop(wldev);
5671 ieee80211_unregister_hw(wl->hw);
5672 }
5673
5674 b43_one_core_detach(wldev->dev);
5675
5676 /* Unregister HW RNG driver */
5677 b43_rng_exit(wl);
5678
5679 b43_leds_unregister(wl);
5680 ieee80211_free_hw(wl->hw);
5681 kfree(wldev->dev);
5682}
5683
5684static struct bcma_driver b43_bcma_driver = {
5685 .name = KBUILD_MODNAME,
5686 .id_table = b43_bcma_tbl,
5687 .probe = b43_bcma_probe,
5688 .remove = b43_bcma_remove,
5689};
5690#endif
5691
5692#ifdef CONFIG_B43_SSB
5693static
5694int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5695{
5696 struct b43_bus_dev *dev;
5697 struct b43_wl *wl;
5698 int err;
5699
5700 dev = b43_bus_dev_ssb_init(sdev);
5701 if (!dev)
5702 return -ENOMEM;
5703
5704 wl = ssb_get_devtypedata(sdev);
5705 if (wl) {
5706 b43err(NULL, "Dual-core devices are not supported\n");
5707 err = -ENOTSUPP;
5708 goto err_ssb_kfree_dev;
5709 }
5710
5711 b43_sprom_fixup(sdev->bus);
5712
5713 wl = b43_wireless_init(dev);
5714 if (IS_ERR(wl)) {
5715 err = PTR_ERR(wl);
5716 goto err_ssb_kfree_dev;
5717 }
5718 ssb_set_devtypedata(sdev, wl);
5719 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5720
5721 err = b43_one_core_attach(dev, wl);
5722 if (err)
5723 goto err_ssb_wireless_exit;
5724
5725 /* setup and start work to load firmware */
5726 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5727 schedule_work(&wl->firmware_load);
5728
5729 return err;
5730
5731err_ssb_wireless_exit:
5732 b43_wireless_exit(dev, wl);
5733err_ssb_kfree_dev:
5734 kfree(dev);
5735 return err;
5736}
5737
5738static void b43_ssb_remove(struct ssb_device *sdev)
5739{
5740 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5741 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5742 struct b43_bus_dev *dev = wldev->dev;
5743
5744 /* We must cancel any work here before unregistering from ieee80211,
5745 * as the ieee80211 unreg will destroy the workqueue. */
5746 cancel_work_sync(&wldev->restart_work);
5747 cancel_work_sync(&wl->firmware_load);
5748
5749 B43_WARN_ON(!wl);
5750 if (!wldev->fw.ucode.data)
5751 return; /* NULL if firmware never loaded */
5752 if (wl->current_dev == wldev && wl->hw_registered) {
5753 b43_leds_stop(wldev);
5754 ieee80211_unregister_hw(wl->hw);
5755 }
5756
5757 b43_one_core_detach(dev);
5758
5759 /* Unregister HW RNG driver */
5760 b43_rng_exit(wl);
5761
5762 b43_leds_unregister(wl);
5763 b43_wireless_exit(dev, wl);
5764 kfree(dev);
5765}
5766
5767static struct ssb_driver b43_ssb_driver = {
5768 .name = KBUILD_MODNAME,
5769 .id_table = b43_ssb_tbl,
5770 .probe = b43_ssb_probe,
5771 .remove = b43_ssb_remove,
5772};
5773#endif /* CONFIG_B43_SSB */
5774
5775/* Perform a hardware reset. This can be called from any context. */
5776void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5777{
5778 /* Must avoid requeueing, if we are in shutdown. */
5779 if (b43_status(dev) < B43_STAT_INITIALIZED)
5780 return;
5781 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5782 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5783}
5784
5785static void b43_print_driverinfo(void)
5786{
5787 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5788 *feat_leds = "", *feat_sdio = "";
5789
5790#ifdef CONFIG_B43_PCI_AUTOSELECT
5791 feat_pci = "P";
5792#endif
5793#ifdef CONFIG_B43_PCMCIA
5794 feat_pcmcia = "M";
5795#endif
5796#ifdef CONFIG_B43_PHY_N
5797 feat_nphy = "N";
5798#endif
5799#ifdef CONFIG_B43_LEDS
5800 feat_leds = "L";
5801#endif
5802#ifdef CONFIG_B43_SDIO
5803 feat_sdio = "S";
5804#endif
5805 printk(KERN_INFO "Broadcom 43xx driver loaded "
5806 "[ Features: %s%s%s%s%s ]\n",
5807 feat_pci, feat_pcmcia, feat_nphy,
5808 feat_leds, feat_sdio);
5809}
5810
5811static int __init b43_init(void)
5812{
5813 int err;
5814
5815 b43_debugfs_init();
5816 err = b43_sdio_init();
5817 if (err)
5818 goto err_dfs_exit;
5819#ifdef CONFIG_B43_BCMA
5820 err = bcma_driver_register(&b43_bcma_driver);
5821 if (err)
5822 goto err_sdio_exit;
5823#endif
5824#ifdef CONFIG_B43_SSB
5825 err = ssb_driver_register(&b43_ssb_driver);
5826 if (err)
5827 goto err_bcma_driver_exit;
5828#endif
5829 b43_print_driverinfo();
5830
5831 return err;
5832
5833#ifdef CONFIG_B43_SSB
5834err_bcma_driver_exit:
5835#endif
5836#ifdef CONFIG_B43_BCMA
5837 bcma_driver_unregister(&b43_bcma_driver);
5838err_sdio_exit:
5839#endif
5840 b43_sdio_exit();
5841err_dfs_exit:
5842 b43_debugfs_exit();
5843 return err;
5844}
5845
5846static void __exit b43_exit(void)
5847{
5848#ifdef CONFIG_B43_SSB
5849 ssb_driver_unregister(&b43_ssb_driver);
5850#endif
5851#ifdef CONFIG_B43_BCMA
5852 bcma_driver_unregister(&b43_bcma_driver);
5853#endif
5854 b43_sdio_exit();
5855 b43_debugfs_exit();
5856}
5857
5858module_init(b43_init)
5859module_exit(b43_exit)